The Linux NIS(YP)/NYS/NIS+ HOWTO

Thorsten Kukuk

앐Y - ({)

v1.3j1 2003-10-19 ( 1 July 2003)

  ̕ł Linux  NIS(YP) ܂ NIS+ ̃NCAgɐݒ肷
@A NIS T[oCXg[@ɂďqׂ܂B

 

Table of Contents
1. ͂߂
   
    1.1. ̍̕ŐV
    1.2. Ɛ
    1.3. tB[hobNƍ̉
    1.4. ӎ
   
2. pWƈʓIȏ
   
    2.1. pW  
    2.2. ʓIȏ  
   
3. NIS  NYS  NIS+ 
   
    3.1. libc 4/5 ł trad-NIS AƂ NYS CuH  
    3.2. glibc 2  NIS/NIS+  
    3.3. NIS  NIS+ H 
   
4. 쌴
   
    4.1. NIS ̓쌴 
    4.2. NIS+ ̓쌴 
   
5. RPC |[g}bp  
6. NIS ̐ݒ 
   
    6.1. }X^[T[oAX[uT[oANCAg߂ 
    6.2. \tgEFA 
   
7. NIS NCAg̐ݒ
   
    7.1. ypbind f[  
    7.2. trad-NIS p NIS NCAgZbgAbv 
    7.3. NYS p NIS NCAgZbgAbv 
    7.4. glibc 2.x p NIS NCAgZbgAbv 
    7.5. nsswitch.conf t@C  
    7.6. Shadow pX[h NIS 
   
8. NIS+ ̐ݒ
   
    8.1. \tgEFA 
    8.2. NIS+ NCAg̃ZbgAbv 
    8.3. NIS+  keylogin, login, PAM 
    8.4. nsswitch.conf t@C  
   
9. NIS T[o̐ݒ 
   
    9.1. T[ovO ypserv  
    9.2. T[ovO yps  
    9.3. rpc.ypxfrd vO  
    9.4. rpc.yppasswdd vO  
   
10. NIS/NYS CXg[̃`FbN  
11. NIS }bv̐ƍXV 
   
    11.1. NIS }bv̐ 
    11.2. NIS }bvXV 
    11.3. }bṽGg̒ 
   
12. ċN̎s
   
    12.1. NIS p̋NXNvg
    12.2. NIS hC
    12.3. fBXgr[VŗL̘b
   
13. rpasswd ŃpX[hύX 
   
    13.1. T[o̐ݒ 
    13.2. NCAg̐ݒ 
   
14. NIS ł悭Ƃ̉@  
15. 悭鎿 (FAQ) 

1. ͂߂

Linux }V͂ǂǂlbg[Nɐڑ悤ɂȂĂ܂B
lbg[NǗ̊ȗ̂߂ɁAقƂǂ̃lbg[N ( Sun 
x[XɂȂĂlbg[N) ł NIS Ă܂B Linux }V
ł́A NIS T[rX]ƂȂ󂯂A܂񋟂肷
Ƃł܂B܂ Linux }V́ASɋ@\ NIS+ NCAg
ē삳邱Ƃł܂B͂܂x[^̒iKłB

̕ Linux }V NIS(YP)  NIS+ ZbgAbv@ɂ
ċLq̂łB̗pɂĂ Section 5 ͕Kǂŉ
B

NIS-HOWTO  Thorsten Kukuk <kukuk@suse.de> ɂĕҏWEǗĂ
܂B

ȑO NIS-HOWTO ́Aȉ̐lXɂĎM܂BނɊӂ܂
B

Andrea Dell'Amico <adellam@ZIA.ms.it>      
Mitchum DSouza    <Mitch.DSouza@NetComm.IE>
Erwin Embsen      <erwin@nioz.nl>          
Peter Eriksson    <peter@ifm.liu.se>       

󒍁F v0.2 ̓{͍ݗǐɂČJ܂B 0.6 ւ̒
ƈȍ~̊Ǘ͒앐YsĂ܂B

 

1.1. ̍̕ŐV

̍̕ŐVł͂ł WWW ŉ{邱Ƃł܂B URL  http:/
/www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html łB

̃hLg̍ŐVł́A Linux ֘A WWW TCg FTP TCgɂo
^܂B LDP ̃z[y[Wɂ܂B

|󕶏ւ̃N http://www.linux-nis.org/nis-howto/ ɂ܂Ƃ߂Ă
܂B

󒍁F{ł̍̕ŐVł JF Project ̃y[W <http://
www.linux.or.jp/JF/JFdocs/NIS-HOWTO/> ɒu܂B

 

1.2. Ɛ

͎͂̒̕mőW߂ďłAmłȂ
邩܂B̕ŏЉĂvOɂẮAꂼ
ɕtĂ README t@CKǂŉBɂ͂ڂ
萳mȏ񂪏Ă͂ł̂ŁB񂱂̃hL
gł邾ԈႢ̂Ȃ̂ɂĂƍlĂ܂B

 

1.3. tB[hobNƍ̉

̕Ɋւ鎿Rg܂ACy Thorsten Kukuk
܂Ń[BAhX kukuk@linux-nis.org <mailto:
kukuk@linux-nis.org> łBĂᔻ}܂B̕Ɍ
AɘAĉΎ̔łŒ܂B낵肢܂B

󒍁F|ɑ΂Rg͒앐Y <nakano@apm.seikei.ac.jp> ܂ł
܂B

ȂAȂ Linux zzpbP[WɓL̖ɊւĂ͎Ƀ[
ȂŉIׂ͂Ă̔zzpbP[WmĂł͂܂
BA@Ă΁AɒǉƂ͎vĂ
B

 

1.4. ӎ

̃hLg쐬ɂāAړI邢͊ԐړIɂbɂ
܂ȉ̕XɊӂ܂BAt@xbgɁF

Byron A Jeff           <byron@cc.gatech.edu>
Markus Rex             <msrex@suse.de>      
Miquel van Smoorenburg <miquels@cistron.nl> 
Dan York               <dyork@lodestar2.com>
Christoffer Bromberg   <christoffer@web.de> 

yp-clients ̃IWiR[h Theo de Raadt ɂč쐬܂B
Swen Thuemmler  yp-clients ̃R[h Linux ɈڐAA yp ֘Ã[
` ( Theo ̎d)  libc ɈڐA܂B Thorsten Kukuk 
GNU libc 2.x  NIS(YP)  NIS+ ̃[`XNb`珑܂
B

󒍁F{ɂẮAڍׂȍZĉ{iA
LA˂͂߁A JF [OXg̊Fɂbɂ
܂B

 

2. pWƈʓIȏ

2.1. pW  

̃hLgł͑̏ȗꂪgĂ܂BȉɏdvȂ̂
ȒPɋĂ܂B

DBM
   
    f[^x[X}lWg (DataBase Management)BL[ƃf[^
    ̃yAǗf[^x[X@\CûƁB
   
DLL
   
    INCu (Dynamically Linked Library)BvO̎s
    ɃN郉CûƁB
   
domainname
   
    NIS T[osL[[hB NIS NCAggp NIS
    T[o肷̂ɗpB domainname  DNS  "domain"
    Ɠ̂ɂKv͂ȂAނʂɂׂłB
   
FTP
   
    t@C]vgR (File Transfer Protocol)BRs[^ԂŃt
    @C]鎞ɗpvgR̈B
   
libnsl
   
    l[T[rXCu (Name services library)B SVR4 Unix ɂ
    l[T[rX֘A̖ (getpwnam, getservbyname Ȃ) ̃Cu
    B GNU libc ł NIS (YP)  NIS+ @\ɂ̃Cup
    B
   
libsocket
   
    SVR4 Unix ŁA\Pbg֌W̃VXeR[ (socket, bind, listen 
    ) 񋟂郉CuB
   
NIS
   
    lbg[NT[rX (Network Information Service)Blbg[
    Nׂ̂Ă̌vZ@ŕKvȏLT[rX̂ƁB Linux 
    W libc Cuɂ NIS ̃T|[g܂܂ĂA̕
    ł "trad-NIS" ƋLB
   
    (󒍁Fł "traditional NIS" łÂŖ҂ɑ
    ꂵ܂)
   
NIS+
   
    Network Information Service (Plus)B{Iɂ NIS @\Abv
    ́B NIS+  Sun Microsystems Inc. ɂĐ݌vA NIS p
    ̂ƂĂBZLeBA傫ȃVXeɓ
    ̂eՂɂȂĂB
   
NYS
   
    NYS ́uNIS+, YP, Switchv\vWFNgłB Peter
    Eriksson <pen@signum.se> ǗĂB̃vWFNgł NIS(=
    YP) ̃R[h 0 ĎĂA NYS Cũl[T[r
    XXCb`@\𗘗p悤ɂȂĂB
   
NSS
   
    l[T[rXXCb` (Name Service Switch)B /etc/nsswitch.conf
    t@CɂāAȅ̃NGXgɑ΂ĂǂȏԂŌ
    s肷B
   
RPC
   
    [gvVW[R[ (Remote Procedure Call)B C vO
     RPC [`𗘗p΁Albg[Nɂ鑼̌vZ@̎葱
     (Tu[`) ĂтƂłBʏ̕ɂĂ Sun
     RPC ̈Ӗŗp邱ƂB
   
YP
   
    CG[y[W (Yellow Pages (TM)) Yellow Pages ͉p British
    Telecom Ђ̓o^WB
   
TCP-IP
   
    Transmission Control Protocol/Internet Protocol ̗B TCP/IP 
    Unix Ŕɂ悭gĂf[^ʐMvgRłB
   
 

2.2. ʓIȏ  

ȉ̓e Sun(tm) System & Network Administration Manual ̈p
łB

    NIS ͂ăTECG[y[W (Sun Yellow Pages, YP) ƌĂ΂
    ܂BuYellow Pagesv͉p British Telecom Ђ̓o^W
    ŁAgp邱Ƃł܂̂ŁANIS ƌĂԂƂɂ܂
    B
   
NIS  Network Information Service ̗łBlbg[Nׂ̂Ă̌v
Z@ŋLׂ񋟂邽߂ɗp܂B NIS Œ񋟂
Ƃ́AႦΈȉ̂悤Ȃ̂łB

 E OCApX[hAz[fBNg (/etc/passwd)
   
 E O[v (/etc/group)
   
 

Ⴆ΁AȂ̃pX[h NIS ̃pX[hf[^x[Xɓo^Ă
Ƃ܂傤BƂȂ́A NIS ̃NCAgvO
Ă΁Albg[N̂ǂ̌vZ@ɂOC邱Ƃł悤
ɂȂ̂łB

Sun  Sun Microsystems Ђ̏WłA SunSoft ЂɃCZX^
Ă܂B

 

3. NIS  NYS  NIS+ 

3.1. libc 4/5 ł trad-NIS AƂ NYS CuH  

trad-NIS p邩 NYS Cu NIS R[hp邩́Au@\
vƂ邩u_`vƂ邩̑Iƌ܂B

trad-NIS ̃R[h͕W C CuɓĂ炾ԌoĂ܂B
܂ꂪÂA_ɌƂ낪܂B

 NYS Cu NIS R[hpɂ́A libc CuăR
pC libnsl ̃R[h libc ̒Ɋ܂߂Kv܂ (̂悤
ɃRpCꂽ libc Cuł邩܂)B

̑_ƂāA trad-NIS ̃R[hł NIS ̃lbgO[v@\
g܂A NYS ̃R[hɂ͎Ă܂Bt NYS ̃R[h
 Shadow Password 𓧉ߓIɈƂł悤ɂȂĂ܂A
trad-NIS ̃R[h NIS oR Shadow pX[hT|[gĂ܂
B

 

3.2. glibc 2  NIS/NIS+  

GNU C Library 2.x (libc6) gĂꍇ́Aȏ̑SĂ͖Yĉ
B libc6 ł NSS (l[XCb`T[rX) SɃT|[gĂA
ɏ_ȉ^pł悤ɂȂĂ܂B܂ȉ NIS^NIS+ }bv
T|[gĂ܂: aliases, ethers, group, hosts, netgroups,
networks, protocols, publickey, passwd, rpc, services, shadow. GNU C
Library ł́A shadow pX[h NIS ł܂ȂƂł
܂B

 

3.3. NIS  NIS+ H 

NIS  NIS+ ̑I͊ȒPłBɃZLeBɉߕqɂȂKvȂ
΁ANIS g܂傤B NIS+ ̊Ǘ͂Ƒςł (NCAg
͂قǂł܂񂪁AT[o[Ǘ͒nł)B Linux 
 NIS+ ɂ͑̃oO܂AJ͎~܂Ă܂Ă܂B

 

4. 쌴

4.1. NIS ̓쌴 

ȂƂ 1  NIS ̃T[o[lbg[NɕKvłB̃T[
oғ邱Ƃł܂B̏ꍇ͂ꂼقȂ NIS uhC
ṽT[oƂ邩A邢 2 ̃T[oЂƂ̃hCŋ
ē삳邱ƂɂȂ܂B҂̍\ł 1 ̃T[ou}X^[T[
ovƂȂȂ̃T[o͑SāuX[uT[ovƌĂ΂܂ (
1 ́uhCvpꍇ̍\ł)B̗pAhC
Aꂼɑ΂T[oAƂ\\łB

X[uT[óA}X^[T[o NIS f[^x[X̃Rs[
A}X^[T[o NIS f[^x[XύXƁAꂻ󂯎
Blbg[NɐڑĂvZ@̑䐔ƃlbg[N̐Ml
AX[uT[oCXg[邩ǂ (CXg[ꍇ
̑䐔) ߂ĉB NIS NCAǵANIS T[ouāv
AX|Xx肷ꍇɂ́AĂȂT[oƃ
X|X̑T[oƂ̐ڑ݂܂B

NIS f[^x[X ASCII `̃f[^x[XϊꂽA DBM
tH[}bgɂȂĂ܂BႦ /etc/passwd  /etc/group Ƃt
@ĆA ASCII-DBM ϊvO (T[o\tgEFAɊ܂܂Ă 
makedbm) pĒ DBMtH[}bgɕϊł܂BNIS ̃}X^[T[
óA ASCII ` DBM `̃f[^x[XƂ̗ĂȂĂ͂
܂B

X[uT[o NIS }bvύXƒʒm󂯂܂ (yppush vO
p܂)BƃX[uT[o͕KvȕύXIɍsAf
[^x[X𓯊܂B NIS NCAgɂ̂悤ȍƂKv
܂BNCAg͏ɍŐV DBM f[^x[X̓e NIS T[
oɓǂ݂ɍsłB

ypbind ̌Âo[Wł́A쒆 NIS T[oT̂Ƀu[hL
XgpĂ܂Bɂ̓ZLeB̖肪܂BȂ
N NIS T[oCXg[āAu[hLXg̖₢킹ɓ
悤ɂł邩łBVo[W ypbind (ypbind-3.3 ܂
ypbind-mt) ł́AT[oݒt@C擾ł܂ - ău
[hLXg͕svłB

 

4.2. NIS+ ̓쌴 

NIS+  Sun ɂVlbg[NCtH[VT[rXłB
NIS  NIS+ ̍ł傫ȈႢ́ANIS+ ł̓f[^̈Í secure RPC 
ʂF؂Ƃ\ɂȂĂ_łB

NIS+ ̖f̓c[\ɊÂĂ܂Bc[̂ꂼ̃m[h
 NIS+ ̃IuWFNgɑΉĂAɂ͘Z̃^Cv܂B
fBNg (directory), Gg (entry), O[v (group), N
(link), e[u (table), vCx[g (private) łB

NIS+ ̖OԂŃ[gƂȂ NIS+ fBNg root fBNgƌ
΂܂B NIS+ ɂ͓̓ʂȃfBNg݂܂B org_dir 
groups_dir łB org_dir fBNgɂׂ͂Ă̊Ǘe[u܂܂
܂BႦ passwd, hosts, mail_aliases ȂǂłB groups_dir fBN
gɂ̓ANZXRg[ɗp NIS+ O[vIuWFNg
܂܂B org_dir  groups_dir т̐efBNgW߂
̂ NIS+ hCƂĎQƂ܂B

 

5. RPC |[g}bp  

ꂩĂ\tgEFA𓮂߂ɂ́A܂ /sbin/portmap 
삳ĂKv܂B Linux ̔zzpbP[W̒ɂ́Ãf[
𗧂グ邽߂̃R}h /sbin/init.d/  /etc/rc.d/ ɏ
ł̂܂̂ŁȀꍇ͊YLɂȂ悤ɂău
[g邾łBۂ̂̓fBXgr[ṼhLg
ǂ݂܂傤B

RPC |[g}bp (portmap(8)) ́A RPC vOԍ TCP/IP |[g
ɕϊT[ovOłB RPC T[o (NIS/NIS+ T[oȂ) 
RPC Ăтs (NIS/NIS+ NCAg͂sĂ܂) ߂ɂ
Ã}V RPC |[g}bpĂKv܂B RPC T[o
vÓAĎ TCP/IP |[gԍƃf[^񋟂 RPC vO
ԍANɃ|[g}bpɓ`܂BNCAgvOA
 RPC vOԍɃR[sۂɂ́A܂T[o}V RPC |
[g}bpƌMāAǂ TCP/IP |[gԍ RPC ̃pPbg𑗂Η
̂肵܂B

RPC T[ovO inetd(8) Nł܂A RPC |[g}b
p inetd OɋN悤ɂĂB

secure RPC pꍇɂ́A|[g}bp time T[rXKvƂ܂
BׂẴzXg /etc/inetd.conf ŁAȉ̂悤 time T[rXp
\ɂȂĂ邱ƂmFĉB

#                                                                      
# Time service is used for clock syncronization.                       
#                                                                      
time    stream  tcp     nowait  root    internal                       
time    dgram   udp     wait    root    internal                       

dvFݒt@CύX inetd ċN̂YȂ!

 

6. NIS ̐ݒ 

6.1. }X^[T[oAX[uT[oANCAg߂ 

܂ȉ̓̏ꍇlKv܂B

 

 1. ڑlbg[N NIS T[oꍇB
   
 2. ڑlbg[N NIS T[oȂꍇB
   
 

ŏ̃P[Xł ypbind, ypwhich, ypcat, yppoll, ypmatch ƂNC
AgvON邾Ŏg悤ɂȂ܂BԏdvȂ̂ 
ypbind ŁÃvO͏ɎsĂKv܂ (܂ ps
R}hsƂɃvZXe[uɕ\Ȃ΂Ȃ܂)B
ypbind ͂f[vZXŁAVXẽX^[gAbvt@C
NKv܂ (܂ /etc/init.d/nis, /sbin/init.d/
ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local Ȃ)B ypbind N
΁ǍvZ@͂̎_ NIS NCAgƂȂ܂B

Ԗڂ̃P[XA܂ NIS T[oȂꍇɂ́A NIS T[ovO
(ʏ ypserv) KvƂȂ܂B̕ Section 9 ł́A 
ypserv f[p Linux }V NIS T[oɐݒ肷@ɂ
Ă܂B

 

6.2. \tgEFA 

o[W 4.4.2 ȍ~̃VXeCu /usr/lib/libc.a ͋L
Cu /lib/libc.so.x ɂ́A NIS ̃NCAgET[ovO
RpCɕKvȃVXeR[ׂĊ܂܂Ă܂B GNU C Library
2 (glibc 2.x) ł /lib/libnsl.so.1 KvłB

NIS  /usr/lib/libc.a ̃o[W 4.5.21 ȏłȂƂ
܂̂ŁAŜ߂ɂ͌Â͎̂gȂǂł傤B NIS
̃NCAgvO͈ȉœł܂B

Site and Directory                            Filename                 
ftp.kernel.org:/pub/linux/utils/net/NIS <ftp: yp-tools-2.8.tar.gz      
//ftp.kernel.org/pub/linux/utils/net/NIS/>    ypbind-mt-1.13.tar.gz    
                                              ypbind-3.3.tar.gz        
                                              ypbind-3.3-glibc5.diff.gz

\tgɓꂽAĂɂĉB yp-clients
2.2  libc4 ܂ 5.4.20 ܂ł libc5 ƋɗpĉB libc
5.4.21 ȍ~ glibc 2.x ɂ yp-tools 1.4.1 ȍ~KvłBV
yp-tools ̃o[W 2.4 ́AׂĂ Linux libc œ삵܂B 5.4.21
 5.4.35 ܂ł libc ́A NIS ̃R[hɃoÔŎgȂ
ł傤B libc 5.4.36 ȍ~gȂƁAقƂǂ YP vO͓
삵Ȃł傤B ypbind 3.3 ׂẴCuœ삵܂B gcc
2.8.x ȍ~ egcsA glibc 2.x 𗘗pĂꍇ́A
ypbind-3.3-glibc5.diff pb` ypbind 3.3 ɓĂKv܂BZL
eBɖ肪̂ŁA\Ȃ ypbind 3.3 ͎gȂقǂł
傤B ypbind-mt ́AVJꂽ}`Xbh̃f[łB
ɂ Linux 2.2 J[l glibc 2.1 ȍ~KvłB

 

7. NIS NCAg̐ݒ

7.1. ypbind f[  

\tgEFA܂RpCłCXg[܂傤B ypbind
f[ /usr/sbin fBNgɓƗǂł傤B NYS ̃VXe
ł ypbind ͕KvȂƌl悤łA͊ԈĂ܂
B ypwhich  ypcat ́AȂ炸 ypbind KvƂ܂B

ypbind ̃CXg[͂X[p[[UōsKv܂B
oCi (ypwhich, ypcat, yppoll, ypmatch) ׂ͂Ẵ[U[ANZ
X\ȃfBNgɒu܂傤Bʏ /usr/bin ǂł傤B

ŋ߂ ypbind ɂ͐ݒt@C /etc/yp.conf ܂B NIS T[
o𒼂ɏĂƂł܂Bڂ ypbind(8) ̃}jAǂ
ŉB̃t@C NYS łKvłBȉ͗łB

ypserver 10.10.0.1                                                     
ypserver 10.0.100.8                                                    
ypserver 10.3.1.1                                                      

NIS ȂłzXg̉łVXeł́A IP AhXłȂO
p邱Ƃł܂BłȂ IP AhXp܂B ypbind
3.3 ɂ̓oOAŌ̃Gg (L̗ł ypserver 10.3.1.1) 
pꂸA͑SĖ܂B ypbind-mt ł͐Ƃł
AŏɕԎT[op܂B

ypbind X^[gAbvt@CɓOɃeXgĂƂ߂
܂B ypbind ̃eXg͈ȉ̂悤ɂčs܂B

 

 E YP ̃hCl[ݒ肳Ă邱ƂmFĉBݒ肳
    Ȃꍇ͈ȉ̂悤ɂ܂B
    
    /bin/domainname nis.domain                              
    
    nis.domain ͒ʏKȕŁAȂ̃}V DNS hCl[
    Ƃ͈Ⴄ̂ɂׂłBĂ΁AÕNbJ[T[
    o NIS pX[hf[^x[X𓐂ł̂킸Ȃ獢
    Ȃ܂B NIS hCmȂꍇ̓VXeǗ҂lbg[
    NǗ҂ɐq˂ĉB 
   
 E /sbin/portmap NĂȂ΋N܂B 
   
 E /var/yp ƂfBNgȂ΍쐬܂B 
   
 E /usr/sbin/ypbind N܂B 
   
 E ypbind T[rXe|[g}bpɓo^łǂm߂邽
    ɁA rpcinfo -p localhost ƂR}hsĉBȉ̂
    ȏo͂͂łB
    
    program vers proto   port                               
     100000    2   tcp    111  portmapper                   
     100000    2   udp    111  portmapper                   
     100007    2   udp    637  ypbind                       
     100007    2   tcp    639  ypbind                       
    
    邢͎gĂo[WɂĂ
    
    program vers proto   port                               
     100000    2   tcp    111  portmapper                   
     100000    2   udp    111  portmapper                   
     100007    2   udp    758  ypbind                       
     100007    1   udp    758  ypbind                       
     100007    2   tcp    761  ypbind                       
     100007    1   tcp    761  ypbind                       
    
    ̂悤ɂȂ邩܂B
   
 E rpcinfo -u localhost ypbind sĂ݂ĉBȉ̂悤ȕ\
    o͂łB
    
    program 100007 version 2 ready and waiting              
    
    邢̓CXg[ ypbind ̃o[WɂĂ
    
    program 100007 version 1 ready and waiting              
    program 100007 version 2 ready and waiting              
    
    ̂悤ȏo͂ɂȂ邩܂BdvȂ̂ "version 2" ̃bZ[
    WłB
   
 

܂ŗ ypcat ̂悤 NIS NCAgvOsł
łBႦ NIS ̃pX[hf[^x[XQƂꍇɂ́A ypcat
passwd.byname Ƃ܂B

dv: q ypbind ̃eXgȗꍇAȂƂhCl[
ݒ肵Ă邱Ƃ /var/yp ƂÕfBNgĂ邱
mFĉB /var/yp Ȃ ypbind ͐ɋNł܂B

hCl[̐ݒ肪ǂ`FbNɂ́A yp-tools 2.2
 /bin/ypdomainname gĉB̃vO
yp_get_default_domain() ֐ĝŁA茵`FbNł܂B
Ⴆ Linux ŃftHgɂȂĂ (đ̖̌ɂȂĂ
) "(none)" ̂悤ȃhĆÃvOł͋܂B

eXg܂X^[gAbvt@CύXāAu[g 
ypbind N悤ɂĂƗǂł傤BI NIS NCA
gƂĂ̊Jn܂B ypbind ̋NOɁAhCl[
肳悤ɂ̂YȂƁB

ȏŐݒ͏I܂Bu[gāAu[gbZ[W ypbind 
ɓ삵Ă邩ǂmFĉB

 

7.2. trad-NIS p NIS NCAgZbgAbv 

zXg̖O NIS pɂ́A /etc/host.conf t@Cŉ
w肷s "nis" w (܂͒ǉ) ĉBڍׂɕtĂ
resolv+(8) ̃}jAǂŉB

ȉ̍s NIS NCAg /etc/passwd ɒǉĉB

 

+::::::                                                                

 

+  - Ƃg΁A[U[ǉ/폜ԂύX
ł܂BႦ΃[U guest 폜Ȃ /etc/passwd t@C
-guest ǉ OK łB[U "linux" ɈVF (Ⴆ ksh)
g킹łāHvA"+linux::::::/bin/ksh"  /etc/passwd 
ǉ邾ł (p͎ĉ)BύXȂtB[h͋
܂܂ɂĂKv܂B[ŨRg[ɂ̓lbgO[v
p邱Ƃł܂B

Ⴆ΁uOCANZX miquiels, dth, ed ƃlbgO[v sysadmin
̃o[Ɍ肽AAJEgf[^͑̃[USKvv
Ƃ悤ȏꍇ͈ȉ̂悤ɂȂ܂B

 

+miquels:::::::                                                        
+ed:::::::                                                             
+dth:::::::                                                            
+@sysadmins:::::::                                                     
-ftp                                                                   
+:*::::::/etc/NoShell                                                  

 

Linux ł̓pX[h̃tB[h㏑ł邱ƂɒӂĉB
͍̗ƑSłB̗ł "ftp" ̃OC폜Ă܂
B]Ẵ[U݂͑ȂȂA anonymous ftp ͋@\ȂȂ܂
B

/etc/netgroup t@C͈ȉ̂悤ɂȂĂƎv܂B

sysadmins (-,software,) (-,kukuk,)                                     

dvFlbgO[v̋@\ libc 4.5.26 ܂B 4.5.26 
O libc gĂ Linux }V ypbind sƁA NIS ̃pX
[hf[^x[XɃGgׂẴ[U͂̃}VɃANZX
łĂ܂܂I

 

7.3. NYS p NIS NCAgZbgAbv 

KvȂ̂ NIS ̐ݒt@C (/etc/yp.conf) ŐT[o(Q)
炦悤ɂĂƁAăl[T[rXXCb`̐ݒt@C
 (/etc/nsswitch.conf) 𐳂ݒ肷邱ƂłB

ypbind CXg[Ă܂傤B libc ɂ͕Kv܂񂪁A NIS
(YP) ̊ec[ɂ͂ꂪKvɂȂ܂B

[U̒ǉEr@\ (+/-guest/+@admins) pꍇ́A "passwd:
compat"  "group: compat"  nsswitch.conf Ŏw肷Kv܂B
"shadow: compat" Ƃw͂܂B̏ꍇ "shadow: files nis"
̂悤ɂĉB

NYS ̃\[X libc 5 ̃\[XɓĂ܂B configure sA
"Values correct" ̖₢ɑ΂Ĉxڂ "NO" ƓĉB
"Build a NYS libc from nys" ɑ΂ "YES" ƓĉB

 

7.4. glibc 2.x p NIS NCAgZbgAbv 

glibc  trad-NIS 𗘗p܂B] ypbind NKv܂
B܂l[T[rXXCb`̐ݒt@C (/etc/nsswitch.conf) 
ݒ肷Kv܂B passwd/, shadow, group  compat [hg
ꍇ́Ãt@C̍Ō "+" ǉKv܂B[U
̒ǉE폜@\p邱Ƃł܂Bݒ Solaris 2.x ̂̂Ƃ܂
łB

 

7.5. nsswitch.conf t@C  

lbg[NT[rXXCb`̃t@C /etc/nsswitch.conf ́Aւ
ANZXvƂɍs̏Ԃ肷̂łBzXǧ
ŗp /etc/host.conf t@CƎĂ܂BႦ΂̃t@C
ɂ

hosts: files nis dns                                                   

Ǝw肷΁AzXǧ@\͂܂[J /etc/hosts t@C
TA NISAăhCl[T[rX (/etc/resolv.conf 
named) ƂԂŌs܂BŌ܂Ń}b`̂Ȃ΁AG
[Ԃ邱ƂɂȂ܂B̃t@C͑SẴ[Uǂݎ
\łȂ΂Ȃ܂Iڍׂȏ nsswitch.5  nsswitch.conf.5
̃}jAy[WĂB

NIS ŗp /etc/nsswitch.conf t@ĆAȉ̂悤Ȃ̂ɂȂł
傤B

#                                                                        
# /etc/nsswitch.conf                                                     
#                                                                        
# An example Name Service Switch config file. This file should be        
# sorted with the most-used services at the beginning.                   
#                                                                        
# The entry '[NOTFOUND=return]' means that the search for an             
# entry should stop if the search in the previous entry turned           
# up nothing. Note that if the search failed due to some other reason    
# (like no NIS server responding) then the search continues with the     
# next entry.                                                            
#                                                                        
# Legal entries are:                                                     
#                                                                        
#       nisplus                 Use NIS+ (NIS version 3)                 
#       nis                     Use NIS (NIS version 2), also called YP  
#       dns                     Use DNS (Domain Name Service)            
#       files                   Use the local files                      
#       db                      Use the /var/db databases                
#       [NOTFOUND=return]       Stop searching if not found so far       
#                                                                        
                                                                         
passwd:     compat                                                       
group:      compat                                                       
# For libc5, you must use shadow: files nis                              
shadow:     compat                                                       
                                                                         
passwd_compat: nis                                                       
group_compat: nis                                                        
shadow_compat: nis                                                       
                                                                         
hosts:      nis files dns                                                
                                                                         
services:   nis [NOTFOUND=return] files                                  
networks:   nis [NOTFOUND=return] files                                  
protocols:  nis [NOTFOUND=return] files                                  
rpc:        nis [NOTFOUND=return] files                                  
ethers:     nis [NOTFOUND=return] files                                  
netmasks:   nis [NOTFOUND=return] files                                  
netgroup:   nis                                                          
bootparams: nis [NOTFOUND=return] files                                  
publickey:  nis [NOTFOUND=return] files                                  
automount:  files                                                        
aliases:    nis [NOTFOUND=return] files                                  

passwd_compat, group_compat, shadow_compat  glibc 2.x ł̂݃T|[g
Ă܂B /etc/nsswitch.conf  shadow [Ȃ΁A glibc 
pX[ȟ passwd [p܂B glibc p̌W[
āA hesoid ̂悤Ȃ݂̂Ă܂BɂĂ glibc ̕
ǂłB

 

7.6. Shadow pX[h NIS 

NIS  shadow pX[h𗬒ʂ̂͗ǂlł͂܂B shadow
VXẽbgłZLeBĂ܂łBɂ
ꂪT|[gĂ Linux C Cu͏ɉ߂܂B NIS 
shadow 𗬂Ȃ悤ɂɂ́A[JVXẽ[U /etc/
shadow ɓo^邱ƂłB NIS ɗ[UGg shadow f[^x
[X폜ÃpX[h passwd ɏĉB
root OCɂ shadow Aʂ NIS [Uɂ passwd p邱
ł悤ɂȂ܂B̕@ȂAׂĂ NIS NCAgł܂
삵܂B

 

7.6.1. Linux

NIS  shadow pX[hp邱ƂłB Linux libc  GNU C
Library 2.x łB Linux libc5 ͂T|[gĂ܂B Linux
libc5  NYS ƈꏏɃRpCꍇ́ÃR[h܂܂邱Ƃ
͂Ȃ܂Bł̃R[h͏󋵂ɂĂ͂ЂǂĂ܂A shadow
GgSĐꍇł삵ȂƂ܂B

 

7.6.2. Solaris

Solaris  NIS oR shadow pX[hT|[gĂ܂B

 

7.6.3. PAM 

Linux-PAM 0.75 ȍ~ł NIS oR shadow pX[hT|[gĂ
B pam_unix.so W[AgW[ pam_unix2.so g܂
B pam_pwdb  libpwdb gĂÂVXe (Red Hat Linux 5.x 
) ł́A /etc/pam.d/* ̃GgύXKv܂B pam_pwdb
̃[Aׂ pam_unix_* W[oRɒu܂B

/etc/pam.d/login ̗Ɏ܂B

#%PAM-1.0                                                                         
auth     requisite      pam_unix2.so            nullok #set_secrpc                
auth     required       pam_securetty.so                                          
auth     required       pam_nologin.so                                            
auth     required       pam_env.so                                                
auth     required       pam_mail.so                                               
account  required       pam_unix2.so                                              
password required       pam_pwcheck.so          nullok                            
password required       pam_unix2.so            nullok use_first_pass use_authtok 
session  required       pam_unix2.so            none # debug or trace             
session  required       pam_limits.so                                             

 

8. NIS+ ̐ݒ

8.1. \tgEFA 

Linux  NIS+ NCAgR[h GNU C Cũo[W 2 p
JĂ܂BĂ͏pAvP[V̂قƂǂ libc5 Ƀ
NĂāA glibc ōăRpC邱Ƃ͂łȂ
A NIS+ R[h libc5 ֈڐÂ܂B libc5 
NIS+ ̑gݍ킹ɂ͖肪܂BX^eBbNȃvO libc5
ɃN邱Ƃ͂ł܂񂵁A libc5 CuŃRpCv
O͑̃o[W libc5 (gVXe) ł͓삵܂B

x[XƂȂVXeƂāADebian, Red Hat Linux, SuSE Linux ̂悤
glibc x[X̃fBXgr[VKvłB glibc 2.1.1 ȍ~
ĂȂfBXgr[VgĂꍇ́AVłɃAbvf[
gKv܂B

NIS+ NCAg̃\tgEFA͈ȉł܂B

Site and Directory                      Filename                       
ftp.gnu.org:/pub/gnu/glibc/ <ftp://     glibc-2.3.2.tar.gz             
ftp.gnu.org/pub/gnu/glibc/>             glibc-linuxthreads-2.3.2.tar.gz
ftp.kernel.org:/pub/linux/utils/net/    nis-utils-1.4.1.tar.gz         
NIS+ <ftp://ftp.kernel.org/pub/linux/                                  
utils/net/NIS+/>                                                       

http://www.linux-nis.org/nisplus/ ɂ́AڍׂȏƍŐṼ\[X
܂B

 

8.2. NIS+ NCAg̃ZbgAbv 

dvF NIS+ NCAgZbgAbvOɁA Solaris  NIS+ hL
gǂŃT[oŕKvȍƂsĉB̕ł̓NCA
głǂ΂悢ɂĂqׂĂ܂I

V libc  nis-tools CXg[A NIS+ T[oł̐V
ȃNCAgp̐MC (credential) 쐬܂B portmap 삵
邱ƂmF悤ɂĉBɃNCAgɂ Linux PC 
 NIS+ T[oƈvĂ邩`FbNĉB secure RPC ̏
́AMC؂̗LԂ 3 ܂BׂẴzXg xntpd 
点̂ǂł傤B炪mFłȉs܂B

 

domainname nisplus.domain.                                          
nisinit -c -H <NIS+ server>                                         

 

ɂ cold X^[gt@C܂B̃IvVɂ
Ă nisinit ̃}jAy[WǂŉBhCl[̓u[
ĝтɐݒ肳悤ɂĂĉBȂ̃lbg[N NIS+
hCl[킩Ȃꍇ́AVXelbg[N̊Ǘ҂ɐq
ĉB

 /etc/nsswitch.conf t@CύX܂B publickey ɏT[r
X nisplus  ("publickey: nisplus") ŁÂ̂͏Ă͂ȂȂ
ƂɒӂĉB

 keyserv NĉB̓u[gɁAK portmap ̒
N悤ɂĂĉB

keylogin -r                                                         

Ƃ΃VXe root ̔閧ۊǂ܂ (̐VzXg
J NIS+ ̃T[oɒǉ܂ˁH)B

niscat passwd.org_dir Ƃ΁A passwd f[^x[Xׂ̂ẴGg
邱Ƃł͂łB

 

8.3. NIS+  keylogin, login, PAM 

OCƂɁA[U͎̔閧 keyserv ɃZbgKv
܂Bɂ keylogin p܂B glibc 2.1 ƃRpCꍇ
́A shadow pbP[W login ͂[ȖɎsĂ܂
B PAM F login pӂɂ́A pam_keylogin-1.2.tar.gz C
Xg[A /etc/pam.d/login t@CύX pwdb ̑ pam&
_unix_auth g悤ɂKv܂ (pwdb  NIS+ T|[g
)B܂B

 

#%PAM-1.0                                                              
auth       required     /lib/security/pam_securetty.so                 
auth       required     /lib/security/pam_unix2.so       set_secrpc    
auth       required     /lib/security/pam_nologin.so                   
account    required     /lib/security/pam_unix2.so                     
password   required     /lib/security/pam_unix2.so                     
session    required     /lib/security/pam_unix2.so                     

 

 

8.4. nsswitch.conf t@C  

lbg[NT[rXXCb`̃t@C /etc/nsswitch.conf ́Aւ
ANZXvƂɍs̏Ԃ肷̂łBzXǧ
ŗp /etc/host.conf t@CƎĂ܂BႦ΂̃t@C
ɂ

 

hosts: files nisplus dns                                               

 

Ǝw肷΁AzXǧ@\͂܂[J /etc/hosts t@C
TA NIS+AăhCl[T[rX (/etc/resolv.conf 
named) ƌԂŌs܂BŌ܂Ń}b`̂Ȃ΃G
[Ԃ邱ƂɂȂ܂B

NIS+ p /etc/nsswitch.conf t@ĆAȉ̂悤Ȃ̂ɂĂΗ
ł傤B

#                                                                        
# /etc/nsswitch.conf                                                     
#                                                                        
# An example Name Service Switch config file. This file should be        
# sorted with the most-used services at the beginning.                   
#                                                                        
# The entry '[NOTFOUND=return]' means that the search for an             
# entry should stop if the search in the previous entry turned           
# up nothing. Note that if the search failed due to some other reason    
# (like no NIS server responding) then the search continues with the     
# next entry.                                                            
#                                                                        
# Legal entries are:                                                     
#                                                                        
#       nisplus                 Use NIS+ (NIS version 3)                 
#       nis                     Use NIS (NIS version 2), also called YP  
#       dns                     Use DNS (Domain Name Service)            
#       files                   Use the local files                      
#       db                      Use the /var/db databases                
#       [NOTFOUND=return]       Stop searching if not found so far       
#                                                                        
                                                                         
passwd:     compat                                                       
group:      compat                                                       
shadow:     compat                                                       
                                                                         
passwd_compat: nisplus                                                   
group_compat:  nisplus                                                   
shadow_compat: nisplus                                                   
                                                                         
hosts:      nisplus files dns                                            
                                                                         
services:   nisplus [NOTFOUND=return] files                              
networks:   nisplus [NOTFOUND=return] files                              
protocols:  nisplus [NOTFOUND=return] files                              
rpc:        nisplus [NOTFOUND=return] files                              
ethers:     nisplus [NOTFOUND=return] files                              
netmasks:   nisplus [NOTFOUND=return] files                              
netgroup:   nisplus                                                      
bootparams: nisplus [NOTFOUND=return] files                              
publickey:  nisplus                                                      
automount:  files                                                        
aliases:    nisplus [NOTFOUND=return] files                              

 

9. NIS T[o̐ݒ 

9.1. T[ovO ypserv  

̕ł́A NIS T[oƂĂ "ypserv" ̐ݒ@݂̂L܂B

NIS T[õ\tg͈ȉɂ܂B

Site and Directory                                   Filename          
ftp.kernel.org:/pub/linux/utils/net/NIS <ftp://      ypserv-2.9.tar.gz 
ftp.kernel.org/pub/linux/utils/net/NIS/>             ypserv-2.9.tar.bz2

http://www.linux-nis.org/nis/ ɁAڂ񂪂܂B

T[õZbgAbv@ trad-NIS / NYS ǂ̏ꍇłłB

RpC ypserv  makedbm ܂B securenets t@Cg
 ypserv-2.x ł́AANZXɂ securenets t@Cp@
݂T|[gĂ܂B

T[o}X^[ƂċNꍇ́A NIS pċLt@C
߂ĂB /var/yp/Makefile  "all" [ɕKvȂ̂
AsvȂ̂폜肵ĂB܂ Makefile ̐擪̕
KāAIvV̊ɂ킹ĕҏWĂׂłB

ypserv 1.1  ypserv 1.2 Ƃ̊Ԃł́A傫ȕύXs܂B 1.2 
~ł́At@CnhLbV悤ɂȂ̂łBɂ
AV}bv𐶐Ƃɂ͕K makedbm  -c IvV
΂ȂȂȂ܂B /var/yp/Makefile  ypserv 1.2 ȍ~ɕt
V̂ł邱ƂmFĉB邢 Makefile  makedbm 
-c tOĉBYƁAypserv ͍XVꂽ}bvł
ȂAÂ}bvgĂ܂܂B

 /var/yp/securenets  /etc/ypserv.conf ҏW܂Bڍׂ ypserv
(8)  ypserv.conf(5) ̃}jAy[WǂŉB

|[g}bp (rpc.portmap) Ă邩mFĉBmFł 
ypserv 𓮂܂B

 

% rpcinfo -u localhost ypserv                                       

 

ƂR}hsĂ݂āA

program 100004 version 1 ready and waiting                          
program 100004 version 2 ready and waiting                          

Əo͂邱ƂmFĉB

"version 1" ̍śA ypserv ̃o[WpݒɂĂ͏oȂ
܂BꂪKvɂȂ̂͐̂ SunOS 4.x NCAgƂĎg
ꍇłB

 NIS (YP) f[^쐬܂B}X^[T[oňȉsĉ
B

 

% /usr/lib/yp/ypinit -m                                             

 

X[uT[o ypwhich -m @\邱ƂmFĉB܂AX
[uɂzXǵA܂ NIS NCAgƂēłȂ΂Ȃ
̂łBmFłȉsāÃzXg NIS X[uɂ܂
B


% /usr/lib/yp/ypinit -s masterhost                                  


ł܂AT[o͓삵Ă͂łB

傫Ȗ肪A ypserv  ypbind ʂ xterm fobO
[hŋNĂ݂܂傤BfobOo͂牽Ȃ̂fł
łB

}bvXVKvꍇ́A NIS }X^[ /var/yp fBNg
 make sĂB\[Xt@CVꍇɂ̓}bvX
VAX[uT[o push ܂B}bv̍XVɂ ypinit ͗p
Ȃ悤ɂĂB

uX[uvT[oł root  crontab ҏWAȉ̂悤ȍsǉ
ĂƗǂ܂B

20 *    * * *    /usr/lib/yp/ypxfr_1perhour                            
40 6    * * *    /usr/lib/yp/ypxfr_1perday                             
55 6,18 * * *    /usr/lib/yp/ypxfr_2perday                             

}X^T[oł̍XV̍ۂɃX[u_EĂăf[^󂯑
ȂĂCɂ NIS }bvŐVɕۂƂł܂B

X[u͂łǉ邱Ƃł܂B܂VCXg[X
[uT[o NIS }X^[ɐڑ鋖Ă邩mF܂傤
B

% /usr/lib/yp/ypinit -s masterhost                                  

VX[uŎs܂B}X^[T[oł́A̐VX[uT
[o̖O /var/yp/ypservers ɒǉA /var/yp  make să}
bvXV܂B

NIS T[oւ̃[UANZX𐧌ꍇ́A NIS T[õzXgN
CAgƂĂsKv܂B܂ ypbind s "+"
̕tGgpX[ht@C /etc/passwd ̓rɒǉ܂B
Cu֐ NIS Ggȍ~ɒuꂽʏ̃GgSĖAc
 NIS ʂĎ擾܂B̂悤ɂ NIS ̃ANZX[
邱Ƃł܂B܂B

 

root:x:0:0:root:/root:/bin/bash                                           
daemon:*:1:1:daemon:/usr/sbin:                                            
bin:*:2:2:bin:/bin:                                                       
sys:*:3:3:sys:/dev:                                                       
sync:*:4:100:sync:/bin:/bin/sync                                          
games:*:5:100:games:/usr/games:                                           
man:*:6:100:man:/var/catman:                                              
lp:*:7:7:lp:/var/spool/lpd:                                               
mail:*:8:8:mail:/var/spool/mail:                                          
news:*:9:9:news:/var/spool/news:                                          
uucp:*:10:50:uucp:/var/spool/uucp:                                        
nobody:*:65534:65534:noone at all,,,,:/dev/null:                          
+miquels::::::                                                            
+:*:::::/etc/NoShell                                                      
[ All normal users AFTER this line! ]                                     
tester:*:299:10:Just a test account:/tmp:                                 
miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh

 

̂悤Ƀ[U "tester" ݂͑܂AVF /etc/NoShell ɂȂ
܂B miquels ͒ʏ̃ANZXƂɂȂ܂B

邢 /var/yp/Makefile t@CҏWA NIS gpX[ht@C
ʂɎw肷邱Ƃł܂B傫ȃVXeł́ANIS ̃pX[ht
@CƃO[vt@C͒ʏ /var/yp/ypfiles ɒuƂ悤ł
B̂悤ɂƃpX[ht@C֘ÅǗc[͎gȂȂ܂
B܂ passwd, chfn, adduser Ȃǂɑ΂Aʂȃc[KvɂȂ܂
B

 yppasswd, ypchsh, ypchfn ͓R삵܂B

 

9.2. T[ovO yps  

NIS T[o yps ̐ݒ͑ÕZNVQlɂĉB̎Ă܂
Sɓł͂Ȃ̂ŁA ypserv ̐Kpۂɂ͒ӂĉ
B yps ͂͂NT|[gĂ܂񂵁AZLeBz[
݂Ă܂Bgׂł͂܂I

yps ̃\tg͈ȉ̃TCgɂ܂B

Site and Directory                                      Filename       
ftp.lysator.liu.se:/pub/NYS/servers <ftp://             yps-0.21.tar.gz
ftp.lysator.liu.se/pub/NYS/servers/>                                   
ftp.kernel.org:/pub/linux/utils/net/NIS <ftp://         yps-0.21.tar.gz
ftp.kernel.org/pub/linux/utils/net/NIS/>                               

 

9.3. rpc.ypxfrd vO  

rpc.ypxfrd ͔ɑ傫 NIS }bv NIS }X^[ NIS X[uT
[o[ɓ]ۂɁA]邽߂ɗp܂B NIS X[u
T[o[́AV}bvƂbZ[W󂯎ƁÃ}bv
擾邽߂ ypxfr N܂B ypxfr  yp_all() ֐pă}
bv̓e}X^[T[o[ǂݍƂ܂B̏̓f[^[
x[XCuʂĕۑ邽߁A}bṽTCYɑ傫
ƁÃvZX͐Ă܂Ƃ܂B

rpc.ypxfrd T[o[́A NIS X[uT[o[Ƀ}X^[̃}bvt@C
PɃRs[A]vZX܂BX[uT[o[[
玩Õ}bv𐶐̂ɔׁA͂ƒZԂł݂܂B
rpc.ypxfrd  RPC x[X̓]vgRp̂ŁAV}bv
Kv͂܂B

rpc.ypxfrd  inetd N邱Ƃł܂ANɂ͎Ԃ
̂ŁA ypserv ƈꏏɃf[ƂċNĂقł傤B
rpc.ypxfrd  NIS }X^[T[ołNĂ OK łB

 

9.4. rpc.yppasswdd vO  

[UpX[hύXƂɂ́A NIS ̃pX[hf[^x[XA
Ɉˑ NIS f[^x[XύXȂ΂Ȃ܂B
sȂ̂ rpc.yppasswdd łB̃vO̓pX[hύX舵
A NIS ̏񂪐XV悤ɂ܂B rpc.yppasswdd 
ypserv ̈ꕔƂȂĂ܂BʃpbP[WɂȂĂ
yppasswd-0.9.tar.gz  yppasswd-0.10.tar.gz Ȃǂ͌Â̂ŎgKv͂
܂񂵁A܂gׂł͂܂B

rpc.yppasswdd ŝ NIS }X^[T[ô݂łBftHgł
A[U[̓tl[⃍OCVFύX邱ƂłȂ悤ɂ
Ă܂Bɂ́Aꂼ -e chfn  -e chsh IvV
w肵܂B

passwd  shadow t@C /etc ȊOɂꍇ́A -D IvVw
Kv܂BႦΑSẴ\[Xt@C /etc/yp ɒuāA[
UɃVF̕ύX\ɂꍇ́A rpc.yppasswdd ȉ̃p[^
ŎsȂ΂Ȃ܂:

# rpc.yppasswdd -D /etc/yp -e chsh                                  

܂

# rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh         

ł OK łB

ɂ͓ɂ邱Ƃ͂܂BA rpc.yppasswdd  /var/yp/
Makefile Ɠt@CgĂ邩ǂ͋CĂĂB
G[ syslog ʂċL^܂B

 

10. NIS/NYS CXg[̃`FbN  

ׂĂ܂sAȒPȃR}hgăCXg[̃`FbN
sĉBႦ΃pX[ht@C NIS/NYS ŋLĂꍇ
A

 

% ypcat passwd                                                      

 

ƂR}h NIS ̃pX[ht@C̓e͂łB܂

 

% ypmatch userid passwd                                             

 

Ƃ΁Aw肵[ŨGgpX[ht@Co
\܂ (userid ɂ͓Kȃ[ŨOC܂)BȂ 
ypcat  ypmatch ́A trad-NIS  NYS ̔zzpbP[WɓĂ܂B

[U[ɂ郍OCłȂꍇɂ́Aȉ̃vONCA
gŎsĂ݂ĉB

#include <stdio.h>                                                     
#include <pwd.h>                                                       
#include <sys/types.h>                                                 
                                                                       
int                                                                    
main(int argc, char *argv[])                                           
{                                                                      
  struct passwd *pwd;                                                  
                                                                       
  if(argc != 2)                                                        
    {                                                                  
      fprintf(stderr,"Usage: getwpnam username\n");                    
      exit(1);                                                         
    }                                                                  
                                                                       
  pwd=getpwnam(argv[1]);                                               
                                                                       
  if(pwd != NULL)                                                      
    {                                                                  
      printf("name.....: [%s]\n",pwd->pw_name);                        
      printf("password.: [%s]\n",pwd->pw_passwd);                      
      printf("user id..: [%d]\n", pwd->pw_uid);                        
      printf("group id.: [%d]\n",pwd->pw_gid);                         
      printf("gecos....: [%s]\n",pwd->pw_gecos);                       
      printf("directory: [%s]\n",pwd->pw_dir);                         
      printf("shell....: [%s]\n",pwd->pw_shell);                       
    }                                                                  
  else                                                                 
    fprintf(stderr,"User \"%s\" not found!\n",argv[1]);                
                                                                       
  exit(0);                                                             
}                                                                      

̃vO[Up[^ƂĎs܂ƁÃ[Uɑ
 getpwnam ֐Ԃ񂪑Sĕ\܂BɂāAǂ̃G
gԈĂ邩킩ł傤B悭ԈႢƂẮApX[
h̃tB[h "*" ɂď㏑ĂAȂǂ܂B

GNU C Library 2.1 (glibc 2.1) ɂ getent Ƃc[Ă܂B
̂悤ȃVXeł́AL̑ɂg܂傤B

% getent passwd                                                     



% getent passwd login                                               

̂悤ɎĂ݂܂傤B

 

11. NIS }bv̐ƍXV 

11.1. NIS }bv̐ 

ŏ NIS }bv́ÃR}hsĐ܂B


% /usr/lib/yp/ypinit -m                                             


 NIS }X^[T[o͂߂Đݒ肵Ƃɍs܂BɊւ
ڍׂ Section 9 ĂBT[oɐV}bvǉAÂ
}bv폜肵ꍇ́A /var/yp/Makefile ҏW all: [
ύX܂B}bv𐶐郋[̖OɒǉE폜܂B

}bv폜ꍇ́AΉۂ̃t@C폜Ȃ΂Ȃ܂
B

̕ύXsA


% make -C /var/yp                                                   


s΃}bv͂łB

 

11.2. NIS }bvXV 

NIS }bṽ\[XύX (ႦΐV[ŨAJEg passwd
t@CɒǉꍇȂ)A NIS }bvĐKv܂BP
Ɏ̃R}hs邾łB


% make -C /var/yp                                                   


̃R}h͂ǂ̃\[XύXꂽ𒲂ׁAV}bv𐶐A
ypserv Ƀ}bvύXꂽƂ`܂B

 

11.3. }bṽGg̒ 

NIS vgRł́AЂƂ̃Gg̒ 1024 ܂łɐ
܂B̒lPɑ₵čăRpC邱Ƃ͏o܂B NIS v2
gĂVXeׂ͂āAL[ƃf[^̒l 1024 oCgȉ̃TC
YɎ܂邱Ƃz肵Ă邽߂łB̊ǗĂNCAg
T[oœˑR YPMAXRECORD 𑝂₷ƁAlbg[N NIS 𗘗pĂ
̃}VƂ̑݉^p𑹂ȂƂɂȂ܂B삳ɂ́A
NIS T|[gĂ邷ׂẴx_̂ƂɂāAɕύXs
Kv܂B܂ȂƂ͖ł傤B

glibc 2.1 ȍ~ł́A̐ glibc  NIS ͖ȂĂ܂
B] Linux ł́A蒷Gg𗘗pł܂B͏L
ʂAlbg[Nɑ NIS NCAgT[oꍇɌ܂B

Gg NIS }bv𐶐ɂ́A /var/yp/Makefile  makedbm
ĂԍۂɁA --no-limit-check IvVǉ悤ɂ܂B

ȉ̂悤ȊɂȂ܂:


DBLOAD = $(YPBINDIR)/makedbm -c -m `$(YPBINDIR)/yphelper --hostname` --no-limit-check 


x: ̕ύX NIS vgRɔĂ܂B Linux g̓T|[g
ĂƂ͂A Linux œ삷AvP[VA̕ύXɓ
邩ǂ͂킩܂!

/etc/group Gg̏ꍇɂ́A̖邽߂̕ʖ@܂B
̃ACfBA Ken Cameron 񂹂܂B


1. Gg𕡐̍sɕAeO[v̖OƂ         
   ς܂B                                                       
                                                                    
2. ̊eO[v GID ͑Sɂ܂B                        
                                                                    
3. ŏ̃Ggɂ́AO[v GID ^܂B          
   ͂ɂ̓[U͒uȂ悤ɂĂ܂B                 
                                                                    
̌ʁAvÕ}bvǂނƁAw肵[Uɑ΂  
GID A܂B GID Ƀ}b`ŏ̃GgƁA   
̖OԂĒ~܂B͂܂񂪁A삵܂!       

 

12. ċN̎s

NIS T[oNCAgŐݒłA̐ݒ肪Nɂ
f邩mFȂ΂Ȃ܂B

`FbN_ 2 ܂BNXNvg邩ǂƁA NIS h
CꏊɕۑĂ邩ǂAłB

 

12.1. NIS p̋NXNvg

Ȃ̎gĂ Linux ł̋NXNvg̒uꏊɂȂĂfBN
g𒲂ׂ܂傤B /etc/init.d, /etc/rc.d/init.d, /sbin/init.d Ȃǂ
ȂĂƎv܂B NIS ̋NXNvg邩ǂmF܂傤
Bt@C̖O͂ӂ ypbind Ƃ ypclient ƂȂĂ悤łB

 

12.2. NIS hC

炭ꕔ̐lXɂƂāA NIS gł̍ő̓ւ́A NIS hC
ċNɂ擾ł悤ɂ邱Ƃł傤B Solaris 2.x ł́A
NIS hC /etc/defaultdomain  1 sŏĂ܂BA
قƂǂ Linux fBXgr[V͂̃t@CgĂȂ悤
łB

 

12.3. fBXgr[VŗL̘b

݂̂ƂA낢 Linux fBXgr[Vɂ NIS h
C̕ۊǏꏊ́Aȉ̂悤ɂȂĂ܂B

 

12.3.1. Caldera 2.xx

Caldera  /etc/nis.conf t@CpĂ܂B͒ʏ /etc/
yp.conf ƓłB

 

12.3.2. Debian

Debian  Sun Ɠ /etc/defaultdomain gĂ悤łB

 

12.3.3. Red Hat Linux 6.x, 7.x, 8, 9

/etc/sysconfig/network t@C NISDOMAIN ϐC (Ȃ΍쐬)
ĂB

 

12.3.4. SuSE Linux 6.x  7.x

/etc/rc.config t@C YP_DOMAINNAME ϐC SuSEconfig R}
hsĂB

 

12.3.5. SuSE Linux 8.x ȍ~

8.0 ȍ~ SuSE Linux ł́ASun Ɠ /etc/defaultdomain g悤
ɂȂ܂B

 

13. rpasswd ŃpX[hύX 

NIS pX[hύXWIȕ@ yppasswd ĂԂƂŁA̓V
XeɂĂ͒P passwd ̃GCAXɂȂĂ邱Ƃ܂B
̃R}h yppasswd vgRp̂ŁA NIS }X^[T[o 
rpc.yppasswdd vZX삵ĂKv܂B̃vgRɂ
AÂpX[hlbg[NɕŗĂ܂Ƃ_܂
BpX[h̕ύXɐ΁A͂قǖł͂܂B
ꍇÂpX[h͐VpX[hɒu邩łBpX
[h̕ύXɎsƁAU҂͂̃̕pX[hpÃ[U
ƂăOCłĂ܂܂Bɂ܂Ƃɂ́AVXeǗ҂
̃[U NIS pX[hύXꍇA NIS }X^[T[o root
pX[hlbg[N𕽕ŗĂ܂܂BẴpX[h
͕ύXȂ̂łB

̂ЂƂ́ApX[h̕ύX yppasswd pȂƂłB
ɎgǂvOA pwdutils pbP[WɓĂ rpasswd 
B

Site and Directory                              Filename               
ftp.kernel.org:/pub/linux/utils/net/NIS <ftp:// pwutils-2.3.tar.gz     
ftp.kernel.org/pub/linux/utils/net/NIS/>                               
ftp.suse.com:/pub/people/kukuk/pam/pam_pwcheck  pam_pwcheck-2.2.tar.bz2
<ftp://ftp.suse.com/pub/people/kukuk/pam/                              
pam_pwcheck/>                                                          
ftp.suse.com:/pub/people/kukuk/pam/pam_unix2    pam_unix2-1.16.tar.bz2 
<ftp://ftp.suse.com/pub/people/kukuk/pam/                              
pam_unix2/>                                                            

rpasswd ̓[gT[õ[UAJEg̃pX[hAS SSL 
ʂĕύX܂Bʏ̃[Ũ͎pX[hύXłA
҂̃pX[h (݂̓T[o root ̃pX[h) mĂ郆[U
́A rpasswd  -a IvV΂郆[ŨpX[hύX
ł܂B

 

13.1. T[o̐ݒ 

T[oł͂܂ؖ (certificate) KvłBؖ̃ftHg̃t@
C /etc/rpasswdd.pem łB̃t@C͎̃R}hō쐬ł
B

openssl req -new -x509 -nodes -days 730 -out /etc/rpasswdd.pem -keyout /etc/rpasswdd.pem


rpasswdd p PAM ݒKvłB NIS AJEg /etc/passwd ɕۑ
Ăꍇ́Â悤Ȃ̂{ɐݒ肵Ă݂Ɨǂł傤B

#%PAM-1.0                                                           
auth     required       pam_unix2.so                                
account  required       pam_unix2.so                                
password required       pam_pwcheck.so                              
password required       pam_unix2.so    use_first_pass use_authtok  
password required       pam_make.so     /var/yp                     
session  required       pam_unix2.so                                


NIS pX[h}bṽ\[Xʂ̏ꏊ (Ⴆ /etc/yp Ȃ) ɂꍇ
ɂ́A pam_unix2  nisdir IvVgƁȀꏊQƂł܂B

#%PAM-1.0                                                                         
auth     required       pam_unix2.so                                              
account  required       pam_unix2.so                                              
password required       pam_pwcheck.so  nisdir=/etc/yp                            
password required       pam_unix2.so    nisdir=/etc/yp use_first_pass use_authtok 
password required       pam_make.so     /var/yp                                   
session  required       pam_unix2.so                                              


ŁANIS }X^[T[o rpasswdd f[N܂B

pX[h̕ύX PAM W[ōs܂A rpasswdd  NIS+ 
LDAP ȂǁA PAM W[T|[gĂΑ̃T[rX̃pX[
hύXł܂B

 

13.2. NCAg̐ݒ 

NCAgł́Aݒt@C /etc/rpasswd.conf ɃT[o̖O
 OK łBT[oftHgȊÕ|[gœ삵Ăꍇ
Aɂ̃|[gĂ܂B


# rpasswdd runs on master.example.com                               
server master.example.com                                           
# Port 774 is the default port                                      
port 774                                                            


 

14. NIS ł悭Ƃ̉@  

ȉ̂悤Ȗ肪̃[U񍐂Ă܂B

 

 1. o[W 4.5.19 ̃Cu͉Ă NIS ͓삵܂B 
   
 2. Cu 4.5.19  4.5.24 ɃAbvO[h su R}h
    gȂȂ܂B̏ꍇ su R}h Slackware 1.2.0 
    肵܂BłɍŐṼCuĂ܂Ɨǂł傤B 
   
 3. NIS T[oċNہAypbind 
    
    yp_match: clnt_call:                                    
    RPC: Unable to receive; errno = Connection refused      
    
    ̂悤ȃbZ[W\A NIS ̃f[^x[Xɓo^Ăl
    OCłȂȂ邱Ƃ܂B root ŃOC ypbind 
    kill Aypbind NȂĂ݂ĉB ypbind 3.3 ȍ~ɃAb
    vf[gĂłƎv܂B 
   
 4. libc  5.4.20 ȏ̔łɃAbvO[hƁA YP tools 삵
    Ȃ܂B libc >= 5.4.21  glibc 2.x ɂ yp-tools 1.2 K
    vłBȑO̔ł libc ɂ yp-clients 2.2 KvłB
    yp-tools 2.x Ȃ炷ׂẴCuœ삵܂B 
   
 5. libc 5.4.21-5.4.35  yp_maplist ͉Ă܂B yp-tools 1.x p
    ɂ 5.4.36 ȍ~KvłBȂ ypwhich Ȃǂ YP vO
     segfault Ă܂͂łB 
   
 6. libc5  trad-NIS  shadow pX[h NIS ł̔zzT|[g
    ܂B libc5 + NYS ܂ glibc 2.x pKv܂B
   
 7. ypcat  "shadow" }bv\܂B͐łB
    shadow }bv̖O shadow ł͂ȂA"shadow.byname" łB
   
 8. Solaris ͕K|[gp܂B] Solaris ̃NCA
    gꍇ̓pX[h mangling pĂ͂܂B
   
 

 

15. 悭鎿 (FAQ) 

Ȃ^ɎvĂƂ͂܂łɑ啔ꂽƂƎv
A܂^_cĂ܂A

comp.os.linux.networking

ȂǂɎ₷ƗǂƎv܂B

󒍁F{̃j[XO[vƂĂ

fj.os.linux     
japan.comp.linux

Ȃǂǂł傤B

҂̃y[W (http://surf.ap.seikei.ac.jp/~nakano/linux/NIS-j.html) 
́AlIȃCXg[̌LĂقA̕ŏЉĂ
\tgEFÃ~[̂Â̂ЉĂ܂B

