nis+aufs 的账号认证

nis(网络信息系统) 是一种身份验证方式

集中身份验证

nis client : ypbind   ----> nis server: ypserv  #客户端访问服务器的 portmapper.服务器为客户端分配一个端口进行通讯

        yppasswd----->yppasswd  #提供用户在线修改口令

实验案例:构建一个nis集中认证服务器用于身份验证

nis server 的主机名为:nis.abc.com

nis client 的主机名为:client.abc.com

在服务器上的配置如下:

安装 nis 认证服务器用于认证的服务软件包

[root@nis Server]# rpm -ivh ypserv-2.19-5.el5.i386.rpm

warning: ypserv-2.19-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... #################################### [100%]

1:ypserv #################################### [100%]

[root@nis Server]# service ypserv start

[root@nis Server]# chkconfig ypserv on

启动yppasswd 服务

[root@nis  ~]# service yppasswdd start

启动 YP 口令服务: [确定]

[root@a ~]# chkconfig yppasswdd on

编辑配置文件

[root@nis Server]# cd /var/yp/

[root@nis yp]# vim Makefile

23 NOPUSH=true #仅仅有一个服务器时不需要推送。多个服务器需要推送。

32 MINUID=500 #导入账号的起始用户账号

33 MINGID=500 #导入账号的起始组账号

61 YPSRCDIR = /etc

62 YPPWDDIR = /etc

63 YPBINDIR = /usr/lib/yp

64 YPSBINDIR = /usr/sbin

65 YPDIR = /var/yp

66 YPMAPDIR = $(YPDIR)/$(DOMAIN)

117 all: passwd group hosts \  #修改导入账号数据的来源

在nis服务器中添加域名

[root@nis yp]# vim /etc/sysconfig/network

3 HOSTNAME=nis.abc.com

4 NISDOMAIN=abc

[root@a yp]# /usr/lib/yp/ypinit -m #将配置文件中指定的账号来源文件中的账号信息导入nis数据库中

At this point, we have to construct a list of the hosts which will run NIS

servers. nis.abc.com is in the list of NIS server hosts. Please continue to add

the names for the other hosts, one per line. When you are done with the

list, type a <control D>.

next host to add: nis.abc.com

next host to add:

The current list of NIS servers looks like this:

nis.abc.com

Is this correct? [y/n: y] y

We need a few minutes to build the databases...

Building /var/yp/abc/ypservers...

gethostbyname(): Resource temporarily unavailable

Running /var/yp/Makefile...

gmake[1]: Entering directory `/var/yp/abc'

Updating passwd.byname...

Updating passwd.byuid...

Updating group.byname...

Updating group.bygid...

Updating hosts.byname...

Updating hosts.byaddr...

gmake[1]: Leaving directory `/var/yp/abc'

nis.abc.com has been set up as a NIS master server.

Now you can run ypinit -s nis.abc.com on all slave server.

[root@nis ~]# cd /var/yp/

[root@nis yp]# ll

总计 48

drwxr-xr-x 2 root root 4096 10-11 12:11 abc

drwxr-xr-x 2 root root 4096 2009-04-15 binding

-rw-r--r-- 1 root root 16635 10-11 11:57 Makefile

-rw-r--r-- 1 root root 185 2006-07-13 nicknames

drwxr-xr-x 2 root root 4096 10-11 12:01 (none)

-rw-r--r-- 1 root root 13 10-11 12:10 ypservers

[root@nis yp]# cd abc

[root@nis abc]# ll
总计 112
-rw------- 1 root root 12429 10-11 17:04 group.bygid
-rw------- 1 root root 12434 10-11 17:04 group.byname
-rw------- 1 root root 12576 10-11 17:04 hosts.byaddr
-rw------- 1 root root 12594 10-11 17:04 hosts.byname
-rw------- 1 root root 12528 10-11 17:04 passwd.byname
-rw------- 1 root root 12523 10-11 17:04 passwd.byuid
-rw------- 1 root root 12361 10-11 12:11 ypservers

为nis集中的身份认证建立家目录

[root@nis ~]# mkdir /nishome

[root@nis ~]# chmod o+wt /nishome/

向账号库中添加账号

[root@nis ~]# useradd -d /nishome/user5 user5

[root@nis ~]# passwd user5

Changing password for user user5.

New UNIX password:

BAD PASSWORD: it is WAY too short

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

将账号的家目录进行共享

[root@nis ~]# vim /etc/exports

[root@nis ~]# exportfs -rv
exporting *:/nishome

在客户端上进行配置

image

修改验证方式

image

选择验证方式

image---》 image ---》image 

在客户端主机上创建目录并修改权限

 

[root@client ~]# mkdir /nishome

[root@client ~]# chmod o+wt /nishome/

 

将/nishome 目录设置自动挂载

[root@client ~]# vim /etc/auto.master

10 /nishome /etc/auto.qq --timeout=60

[root@client ~]# cp -p /etc/auto.misc /etc/auto.qq

[root@client ~]#vim /etc/auto.qq

17 * ro,soft,intr 192.168.10.200:/nishome/&

[root@client ~]#service autofs restart

停止 automount: [确定]

启动 automount: [确定]

此时使用user5账号进行验证登陆。成功进行账号的验证登陆。

你可能感兴趣的:(NIS,autofs,ypserv,ypbind,yppasswdd)