The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To enable NIS authentication for a NIS client by using the Authentication Configuration GUI:
Install the
yp-tools
andypbind
packages:#
yum install yp-tools ypbind
Run the Authentication Configuration GUI:
#
system-config-authentication
Select NIS as the user account database and enter values for:
- NIS Domain
The name of the NIS domain. For example:
mynisdom
.- NIS Server
The domain name or IP address of the NIS server. For example,
nissvr.mydom.com
.
Select either Kerberos password or NIS password for authentication.
If you select Kerberos authentication, enter values for:
- Realm
The name of the Kerberos realm.
- KDCs
A comma-separated list of Key Distribution Center (KDC) servers that can issue Kerberos ticket granting tickets and service tickets.
- Admin Servers
A comma-separated list of Kerberos administration servers.
Alternatively, you can use DNS to configure these settings:
Select the Use DNS to resolve hosts to realms check box to look up the name of the realm defined as a
TXT
record in DNS, for example:_kerberos.mydom.com IN TXT "MYDOM.COM"
Select the Use DNS to locate KDCs for realms check box to look up the KDCs and administration servers defined as
SVR
records in DNS, for example:_kerberos._tcp.mydom.com IN SVR 1 0 88 krbsvr.mydom.com _kerberos._udp.mydom.com IN SVR 1 0 88 krbsvr.mydom.com _kpasswd._udp.mydom.com IN SVR 1 0 464 krbsvr.mydom.com _kerberos-adm._tcp.mydom.com IN SVR 1 0 749 krbsvr.mydom.com
Click Apply to save your changes.
WarningNIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.
Figure 23.4 shows the Authentication Configuration GUI with NIS selected as the user account database and Kerberos selected for authentication.
You can also enable and configure NIS or Kerberos authentication by using the authconfig command.
For example, to use NIS authentication, specify the --enablenis option together with the NIS domain name and the host name or IP address of the master server, as shown in the following example:.
#authconfig --enablenis --nisdomain mynisdom
\--nisserver nissvr.mydom.com --update
The --enablenis option configures
/etc/nsswitch.conf
to enable the system to
use NIS for information services. The
--nisdomain and
--nisserver settings are added to
/etc/yp.conf
.
For more information, see the authconfig(8)
,
nsswitch.conf(5)
, and
yp.conf(5)
manual pages.
For information about using Kerberos authentication with NIS, see Section 23.6.3, “Enabling Kerberos Authentication”.