To enable NIS authentication for an NIS client by using the Authentication Configuration GUI:
Install the
yp-tools
andypbind
packages:#
yum install yp-tools ypbind
Run the Authentication Configuration GUI:
#
system-config-authentication
Select NIS as the user account database and enter values for:
- NIS Domain
The name of the NIS domain. For example:
mynisdom
.- NIS Server
The domain name or IP address of the NIS server. For example,
nissvr.mydom.com
.
Select either Kerberos password or NIS password for authentication.
If you select Kerberos authentication, enter values for:
- Realm
The name of the Kerberos realm.
- KDCs
A comma-separated list of Key Distribution Center (KDC) servers that can issue Kerberos ticket granting tickets and service tickets.
- Admin Servers
A comma-separated list of Kerberos administration servers.
Alternatively, you can use DNS to configure these settings:
Select the Use DNS to resolve hosts to realms check box to look up the name of the realm defined as a
TXT
record in DNS, for example:_kerberos.mydom.com IN TXT "MYDOM.COM"
Select the Use DNS to locate KDCs for realms check box to look up the KDCs and administration servers defined as
SVR
records in DNS, for example:_kerberos._tcp.mydom.com IN SVR 1 0 88 krbsvr.mydom.com _kerberos._udp.mydom.com IN SVR 1 0 88 krbsvr.mydom.com _kpasswd._udp.mydom.com IN SVR 1 0 464 krbsvr.mydom.com _kerberos-adm._tcp.mydom.com IN SVR 1 0 749 krbsvr.mydom.com
Click Apply to save your changes.
WarningNIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.
Figure 22.4 shows the Authentication Configuration GUI with NIS selected as the user account database and Kerberos selected for authentication.
You can also enable and configure NIS or Kerberos authentication by using the authconfig command.
For example, to use NIS authentication, specify the --enablenis option together with the NIS domain name and the host name or IP address of the master server, as shown in the following example:.
#authconfig --enablenis --nisdomain mynisdom
\--nisserver nissvr.mydom.com --update
The --enablenis option configures
/etc/nsswitch.conf
to enable the system to use NIS for information
services. The --nisdomain and --nisserver settings are
added to /etc/yp.conf
.
For more information, see the authconfig(8)
,
nsswitch.conf(5)
, and yp.conf(5)
manual
pages.
For information about using Kerberos authentication with NIS, see Section 22.6.3, “Enabling Kerberos Authentication”.