The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
This procedure assumes that:
NIS provides maps for
passwd,group, andauto.home.The NIS master server uses NFS to export the users' home directories. See Section 21.2.2, “Mounting an NFS File System”
NIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.
To create an account for a NIS user on the NIS master server:
If the NIS master server does not already export the base directory of the users' home directories, perform the following steps on the NIS master server:
Create the base directory for user directories, for example
/nethome:#
mkdir /nethomeAdd an entry such as the following to
/etc/exports:/nethome *(rw,sync)
You might prefer to restrict which clients can mount the file system. For example, the following entry allows only clients in the 192.168.1.0/24 subnet to mount
/nethome:/nethome 192.168.1.0/24(rw,sync)
Use the following command to export the file system:
#
exportfs -i -o ro,sync *:/nethomeIf you have configured
/var/yp/Makfileto make theauto.homemap available to NIS clients, create the following entry in/etc/auto.home:* -rw,sync
nissvr:/nethome/&In the example,
nissvris the host name or IP address of the NIS server.
Create the user account:
#
useradd -b /nethomeusernameThe command updates the
/etc/passwdfile and creates a home directory on the NIS server.Depending on the type of authentication that you have configured:
For Kerberos authentication, on the Kerberos server or a client system with
kadminaccess, use kadmin to create a principal for the user in the Kerberos domain, for example:#
kadmin -q "addprincusername@KRBDOMAIN"The command prompts you to set a password for the user, and adds the principal to the Kerberos database.
For NIS authentication, use the passwd command:
#
passwdusernameThe command updates the
/etc/shadowfile with the hashed password.
Update the NIS maps:
#
make -C /var/ypThis command makes the NIS maps that are defined for the
alltarget in/var/yp/Makefile. If you have configuredNOPUSH=falsein/var/yp/Makefileand the names of the slave servers in/var/yp/ypservers, the command also pushes the updated maps to the slave servers.
A Kerberos-authenticated user can use either kpasswd or passwd to change his or her password. A NIS-authenticated user must use the yppasswd command rather than passwd to change his or her password.