The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
This procedure assumes that:
NIS provides maps for
passwd
,group
, andauto.home
.The NIS master server uses NFS to export the users' home directories. See Section 21.2.2, “Mounting an NFS File System”
NIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.
To create an account for a NIS user on the NIS master server:
If the NIS master server does not already export the base directory of the users' home directories, perform the following steps on the NIS master server:
Create the base directory for user directories, for example
/nethome
:#
mkdir /nethome
Add an entry such as the following to
/etc/exports
:/nethome *(rw,sync)
You might prefer to restrict which clients can mount the file system. For example, the following entry allows only clients in the 192.168.1.0/24 subnet to mount
/nethome
:/nethome 192.168.1.0/24(rw,sync)
Use the following command to export the file system:
#
exportfs -i -o ro,sync *:/nethome
If you have configured
/var/yp/Makfile
to make theauto.home
map available to NIS clients, create the following entry in/etc/auto.home
:* -rw,sync
nissvr
:/nethome/&In the example,
nissvr
is the host name or IP address of the NIS server.
Create the user account:
#
useradd -b /nethome
username
The command updates the
/etc/passwd
file and creates a home directory on the NIS server.Depending on the type of authentication that you have configured:
For Kerberos authentication, on the Kerberos server or a client system with
kadmin
access, use kadmin to create a principal for the user in the Kerberos domain, for example:#
kadmin -q "addprinc
username
@KRBDOMAIN
"The command prompts you to set a password for the user, and adds the principal to the Kerberos database.
For NIS authentication, use the passwd command:
#
passwd
username
The command updates the
/etc/shadow
file with the hashed password.
Update the NIS maps:
#
make -C /var/yp
This command makes the NIS maps that are defined for the
all
target in/var/yp/Makefile
. If you have configuredNOPUSH=false
in/var/yp/Makefile
and the names of the slave servers in/var/yp/ypservers
, the command also pushes the updated maps to the slave servers.
A Kerberos-authenticated user can use either kpasswd or passwd to change his or her password. A NIS-authenticated user must use the yppasswd command rather than passwd to change his or her password.