passwd Files and Namespace Security - Working With Oracle® Solaris 11.2 Directory and Naming Services: DNS and NIS

Working With Oracle^® Solaris 11.2 Directory and Naming Services: DNS and NIS

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Working With Oracle^® Solaris ... » Setting Up and Configuring Network Information ... » Preparing the Master Server » passwd Files and Namespace Security

Updated: July 2014

Working With Oracle^® Solaris 11.2 Directory and Naming Services: DNS and NIS

Document Information

Using This Documentation

Chapter 1 About Naming and Directory Services

Chapter 2 About the Name Service Switch

Chapter 3 Managing Domain Name System

Chapter 4 Setting Up Oracle Solaris Active Directory Clients

Chapter 5 About the Network Information Service

Chapter 6 Setting Up and Configuring Network Information Service

Configuring NIS Task Map

Before You Begin Configuring NIS

NIS and the Service Management Facility

Planning Your NIS Domain

Identify Your NIS Servers and Clients

Preparing the Master Server

Preparing the Master Server (Task Map)

Source Files Directory

passwd Files and Namespace Security

How to Prepare Source Files for Conversion

Preparing /var/yp/Makefile

How to Install the NIS Master Server Package

How to Set Up the Master Server

How to Support Multiple NIS Domains on One Master Server

Starting and Stopping NIS Services on an NIS Server

Starting and Stopping NIS Services on an NIS Server (Task Map)

Starting the NIS Service Automatically

How to Enable the NIS Server Services Manually

How to Disable the NIS Server Services

How to Refresh the NIS Server Service

Setting Up NIS Slave Servers

Setting Up NIS Slave Servers (Task Map)

Preparing a Slave Server

How to Set Up a Slave Server

How to Start NIS on a Slave Server

How to Add a New Slave Server

Administering NIS Clients

Administering NIS Clients (Task Map)

How to Configure an NIS Client in Broadcast Mode

How to Configure an NIS Client Using Specific NIS Servers

Disabling the NIS Client Services

Chapter 7 Administering Network Information Service

Chapter 8 Troubleshooting Network Information System

Language:

`passwd` Files and Namespace Security

For security reasons, the files used to build the NIS password maps should not contain an entry for root, to prevent unauthorized root access. Therefore, the password maps should not be built from the files located in the master server's /etc directory. The password files used to build the password maps should have the root entry removed from them and be located in a directory that can be protected from unauthorized access.

For example, the master server password input files should be stored in a directory such as /var/yp, or any directory of your choice, as long as the file itself is not a link to another file and its location is specified in the Makefile. The correct directory option is set automatically according to the configuration specified in your Makefile.

Caution

Caution - Be sure that the passwd file in the directory specified by PWDDIR does not contain an entry for root.

If your source files are in a directory other than /etc, you must alter the PWDIR password macro in /var/yp/Makefile to refer to the directory where the passwd and shadow files reside. You change the line PWDIR=/etc to PWDIR=/your-choice, where your-choice is the name of the directory you that will use to store the passwd map source files.

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices