wolfgang
Messages: 26 Location: Bochum
Created: 2005-01-07, 07:31 PM CET Subject: NIS and local authentication
If NIS is not yet available, on a server in your local net:
apt-get install nis
When being asked, choose server and put in a name of your choice as NIS domainname (this name will reside in /etc/defaultdomainname).
This name has nothing to do with your local domain but can be the same.
EDIT: If you're using NIS for the first time, be aware of this one. When the process ypserv is up and running for the first time, nothing will work as you expect. Go to /var/yp and do "make". Now user data will be available on the network. Each time you've created or changed an account you'll have to execute this command.
The next steps have to be done in the terminal's chroot.
apt-get install nis
When being asked, choose client and put in your NIS domainname.
Of course /etc/nsswitch.conf has to be modified as usual (e.g. replace three times "compat" by "nis files").
The file /etc/lessdisks/terminal_install.conf must have the (additional) entry /var/yp in rw_dirs.
If the portmapper fails (ypbind needs a working portmapper), check this one:
/etc/network/interfaces should look like that
-----------------------------------------------------------------
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
auto lo
iface lo inet loopback
Maybe there are duplicate entries (lines); delete them.
Mount xapp:/home on /home by hand and put a line into /etc/fstab if mounting succeeded.
Now ssh to the terminal and logging in should be possible for an ordinary user; he has to accept the host key from the terminal (once) and enter the password.
To drop these steps, one may proceed:
1) On the xapp server, create the file /etc/ssh/ssh_known_hosts (if not yet existent). Copy the content of /etc/ssh/ssh_host_rsa_key.pub into the file /etc/ssh/ssh_known_hosts, then edit the inserted line like this:
- delete everything at the end of the line starting after =
- for each individually configured terminal add a line with the terminal's name and ip at the beginning of the line.
Given the terminals moon and turtle, the content of /etc/ssh/ssh_known_hosts should look similar to this:
(first line)
moon,172.16.90.5 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoZlcaaJsAn2I5prbzrCDHdpNfsytKUWzi4D78ha64emXsFoWerfJugm67mj2AM7al0JY3IY4m6Xt27HwVLJLcL3FKIvMCePyOBqXhTvVmE5tqRLuGKrghWqcLFdU6q8gEwMCRsEEuj/E9D2lJQ34tGIb+ouZJXD1C2dyAsLFO79=
(second line)
turtle,172.16.90.7 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoZlcaaJsAn2I5prbzrCDHdpNfsytKUWzi4D78ha64emXsFoWerfJugm67mj2AM7al0JY3IY4m6Xt27HwVLJLcL3FKIvMCePyOBqXhTvVmE5tqRLuGKrghWqcLFdU6q8gEwMCRsEEuj/E9D2lJQ34tGIb+ouZJXD1C2dyAsLFO79=
2) As always, for a user to be able to log in without a password, he has to put his public key on the system he is starting from into the file .ssh/authorized_keys2 in his home dir on the system he wants to connect to. Now funny enough these home dirs are identical, because we have got /home mounted. So a user has to change to the directory .ssh in his home dir, create there (if not yet existent) the file authorized_keys2 and copy the content of the file id_dsa.pub into authorized_keys2.
[edited: 2005-09-26, 04:00 PM CET by wolfgang]
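Step 1 above, written as a shell function so the hand edit does not have to be repeated for every terminal. This is an added example, not part of the original post; the function name make_known_hosts and the "name ip" input format are assumptions.

```shell
#!/bin/sh
# Added example: emit ssh_known_hosts entries for a list of terminals.
# Usage (hypothetical file names):
#   make_known_hosts /etc/ssh/ssh_host_rsa_key.pub < terminals.txt
# terminals.txt holds one "name ip" pair per line; blank lines and
# lines starting with '#' are skipped.
make_known_hosts() {
    pubkey_file=$1
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file is "keytype base64 [comment]". Keeping only the first
    # two fields drops everything after the key, as step 1 asks.
    keytype='' keydata=''
    read -r keytype keydata _comment < "$pubkey_file" || true
    case $keytype in
        ssh-*|ecdsa-*) ;;
        *) echo "unexpected key type: '$keytype'" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || { echo "no key data in $pubkey_file" >&2; return 1; }

    # One output line per terminal: "name,ip keytype base64".
    while read -r name ip _rest; do
        case $name in ''|'#'*) continue ;; esac
        [ -n "$ip" ] || { echo "missing ip for $name" >&2; return 1; }
        printf '%s,%s %s %s\n' "$name" "$ip" "$keytype" "$keydata"
    done
}
```

Review the output before writing it to /etc/ssh/ssh_known_hosts; `ssh-keygen -F moon -f /etc/ssh/ssh_known_hosts` then confirms that an entry for a given terminal is found.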