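NIS (Network Information System) is an authentication method.
It provides centralized authentication.
nis client : ypbind ----> nis server: ypserv # the client contacts the server's portmapper, and the server assigns the client a port for communication
yppasswd -----> yppasswd # lets users change their password online
Lab example: build a NIS centralized authentication server for identity verification
Hostname of the NIS server: nis.abc.com
Hostname of the NIS client: client.abc.com
Configuration on the server:
Install the service package that the NIS authentication server uses for authentication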
[root@nis Server]# rpm -ivh ypserv-2.19-5.el5.i386.rpm
warning: ypserv-2.19-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... #################################### [100%]
1:ypserv #################################### [100%]
[root@nis Server]# service ypserv start
[root@nis Server]# chkconfig ypserv on
Start the yppasswd service
[root@nis ~]# service yppasswdd start
启动 YP 口令服务: [确定]
[root@a ~]# chkconfig yppasswdd on
Edit the configuration file
[root@nis Server]# cd /var/yp/
[root@nis yp]# vim Makefile
NOPUSH=true # with a single server no push is needed; with multiple servers, pushing is required
MINUID=500 # lowest UID of the accounts to import
MINGID=500 # lowest GID of the groups to import
YPSRCDIR = /etc
YPPWDDIR = /etc
YPBINDIR = /usr/lib/yp
YPSBINDIR = /usr/sbin
YPDIR = /var/yp
YPMAPDIR = $(YPDIR)/$(DOMAIN)
# change the sources of the imported account data
all: passwd group hosts \
Add the domain name on the NIS server
[root@nis yp]# vim /etc/sysconfig/network
HOSTNAME=nis.abc.com
NISDOMAIN=abc
[root@a yp]# /usr/lib/yp/ypinit -m # import the account information from the source files named in the configuration file into the NIS database
At this point, we have to construct a list of the hosts which will run NIS
servers. nis.abc.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: nis.abc.com
next host to add:
The current list of NIS servers looks like this:
nis.abc.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/abc/ypservers...
gethostbyname(): Resource temporarily unavailable
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/abc'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
gmake[1]: Leaving directory `/var/yp/abc'
nis.abc.com has been set up as a NIS master server.
Now you can run ypinit -s nis.abc.com on all slave server.
[root@nis ~]# cd /var/yp/
[root@nis yp]# ll
总计 48
drwxr-xr-x 2 root root 4096 10-11 12:11 abc
drwxr-xr-x 2 root root 4096 2009-04-15 binding
-rw-r--r-- 1 root root 16635 10-11 11:57 Makefile
-rw-r--r-- 1 root root 185 2006-07-13 nicknames
drwxr-xr-x 2 root root 4096 10-11 12:01 (none)
-rw-r--r-- 1 root root 13 10-11 12:10 ypservers
[root@nis yp]# cd abc
[root@nis abc]# ll
总计 112
-rw------- 1 root root 12429 10-11 17:04 group.bygid
-rw------- 1 root root 12434 10-11 17:04 group.byname
-rw------- 1 root root 12576 10-11 17:04 hosts.byaddr
-rw------- 1 root root 12594 10-11 17:04 hosts.byname
-rw------- 1 root root 12528 10-11 17:04 passwd.byname
-rw------- 1 root root 12523 10-11 17:04 passwd.byuid
-rw------- 1 root root 12361 10-11 12:11 ypservers
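The MINUID/MINGID threshold set in the Makefile decides which local accounts ypinit -m publishes in the maps listed above. The script below is an added example, not part of the original article; it previews that selection, assuming an entry is imported when its UID or GID is at least the threshold. The helper names makefile_var and map_candidates and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: an entry enters the map when field 3 (UID or GID) is >= the
# MINUID/MINGID set in /var/yp/Makefile, which is how the article describes them.

# makefile_var NAME < Makefile : print the value of a "NAME=value" line.
makefile_var() {
    awk -v name="$1" '
        { sub(/#.*/, ""); n = index($0, "=") }   # strip comments, find "="
        n > 0 {
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == name) found = val         # last assignment wins
        }
        END { if (found == "") exit 1; print found }'
}

# map_candidates MIN < passwd-or-group : print "name:id" for entries that pass.
map_candidates() {
    awk -F: -v min="$1" '
        /^[-+#]/ || $1 == "" { next }            # comments, +/- compat lines
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 { print $1 ":" $3 }'
}

# Constructed sample data (stand-ins for /var/yp/Makefile and /etc/passwd).
SAMPLE_MAKEFILE='NOPUSH=true
MINUID=500   # first UID to import
MINGID=500'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
user5:x:500:500::/nishome/user5:/bin/bash
+::::::'

minuid=$(printf '%s\n' "$SAMPLE_MAKEFILE" | makefile_var MINUID)
echo "MINUID=$minuid; entries that would enter passwd.byname:"
printf '%s\n' "$SAMPLE_PASSWD" | map_candidates "$minuid"
```

On the server, feed it the real files: makefile_var MINUID < /var/yp/Makefile and map_candidates 500 < /etc/passwd. In the sample, the high-numbered system account nfsnobody passes the filter just like user5, so review the list before building the maps.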
Create the home directory for NIS centralized authentication
[root@nis ~]# mkdir /nishome
[root@nis ~]# chmod o+wt /nishome/
Add an account to the account database
[root@nis ~]# useradd -d /nishome/user5 user5
[root@nis ~]# passwd user5
Changing password for user user5.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Share the accounts' home directory
[root@nis ~]# vim /etc/exports
[root@nis ~]# exportfs -rv
exporting *:/nishome
Configuration on the client
Change the authentication method
Select the authentication method
On the client host, create the directory and change its permissions
[root@client ~]# mkdir /nishome
[root@client ~]# chmod o+wt /nishome/
Set up the /nishome directory to be mounted automatically
[root@client ~]# vim /etc/auto.master
/nishome /etc/auto.qq --timeout=60
[root@client ~]# cp -p /etc/auto.misc /etc/auto.qq
[root@client ~]# vim /etc/auto.qq
* -ro,soft,intr 192.168.10.200:/nishome/&
[root@client ~]# service autofs restart
停止 automount: [确定]
启动 automount: [确定]
Now log in with the user5 account. The account is authenticated and the login succeeds.