23.5.4 Enabling NIS Authentication

To enable NIS authentication for an NIS client by using the Authentication Configuration GUI:

  1. Install the yp-tools and ypbind packages:

    # yum install yp-tools ypbind
  2. Run the Authentication Configuration GUI:

    # system-config-authentication
  3. Select NIS as the user account database and enter values for:

    NIS Domain

    The name of the NIS domain. For example: mynisdom.

    NIS Server

    The domain name or IP address of the NIS server. For example, nissvr.mydom.com.

  4. Select either Kerberos password or NIS password for authentication.

  5. If you select Kerberos authentication, enter values for:

    Realm

    The name of the Kerberos realm.

    KDCs

    A comma-separated list of Key Distribution Center (KDC) servers that can issue Kerberos ticket granting tickets and service tickets.

    Admin Servers

    A comma-separated list of Kerberos administration servers.

    Alternatively, you can use DNS to configure these settings:

    • Select the Use DNS to resolve hosts to realms check box to look up the name of the realm defined as a TXT record in DNS, for example:

      _kerberos.mydom.com    IN TXT "MYDOM.COM"
    • Select the Use DNS to locate KDCs for realms check box to look up the KDCs and administration servers defined as SVR records in DNS, for example:

      _kerberos._tcp.mydom.com      IN SVR 1  0 88  krbsvr.mydom.com
      _kerberos._udp.mydom.com      IN SVR 1  0 88  krbsvr.mydom.com
      _kpasswd._udp.mydom.com       IN SVR 1  0 464 krbsvr.mydom.com
      _kerberos-adm._tcp.mydom.com  IN SVR 1  0 749 krbsvr.mydom.com
  6. Click Apply to save your changes.

    Warning

    NIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.

Figure 23.4 shows the Authentication Configuration GUI with NIS selected as the user account database and Kerberos selected for authentication.

Figure 23.4 Authentication Configuration of NIS with Kerberos Authentication

The figure shows the Authentication Configuration GUI with NIS selected as the user account database and Kerberos selected for authentication.


You can also enable and configure NIS or Kerberos authentication by using the authconfig command.

For example, to use NIS authentication, specify the --enablenis option together with the NIS domain name and the host name or IP address of the master server, as shown in the following example:.

# authconfig --enablenis --nisdomain mynisdom \
  --nisserver nissvr.mydom.com --update

The --enablenis option configures /etc/nsswitch.conf to enable the system to use NIS for information services. The --nisdomain and --nisserver settings are added to /etc/yp.conf.

For more information, see the authconfig(8), nsswitch.conf(5), and yp.conf(5) manual pages.

For information about using Kerberos authentication with NIS, see Section 23.6.3, “Enabling Kerberos Authentication”.