[TriLUG] Granting user console access via NIS - fedora 2

[Jon Carnes]

On Tue, 2004-10-12 at 15:25, Craig Cook wrote:
> I have a 7yr background in Solaris, only 1yr or so with Linux.  New site as well (been here 3 weeks) so don't know the full setup yet.
> 
> Anyway, I have NIS sort of working on fedora 2 (built using a kickstart server I setup).  I can login remotely (telnet or ssh) being authenticated via corporate NIS. User home dirs do not auto mount, haven't work out why not yet.  (I don't have admin access to the NIS servers).
> 
> The real question is how can I allow a standard user to login to the console with their own username, authenticated via NIS.
> 
> Currently, it only looks at /etc/passwd if using the console, but I don't understand why.
> 
> /etc/nsswitch.conf is set for "files nis" for passwd, shadow, and group.
> 
> Searched google and looks like it may be something to do with PAM and/or /etc/security/access.conf, but not sure if I am on the right track.
> 
> This is a lab PC, not a server.  Users do not have root access though.
> 
> Anyone have ideas?
> 
> btw, I know NIS is not secure, not my call.
> 
> Thanks
> 
> Craig

Here is a nice overview of NIS on RedHat. I wrote it with RH9 but it
should work with Fedora Core as well (as long as they don't break NIS
and NFS).

http://www.trilug.org/~jonc/nfs/nfs_nis_automount.txt

You probably don't want to use Shadow with NIS (it should work, but
really what's the point...)

You definitely want to put to modify your nsswitch.conf to put "nis" in
front of "files". This will use the NIS information first (if they exist
in NIS) and then fall back to the local user.  By default it should be
setup to not use users below 400 (I think) for NIS. That will keep it
from trying to login root via NIS on the local console.

Good Luck.  I had NIS/NFS running across multiple OS's for a former
company. We used it with Samba to have one single login for all our
systems. It worked very nicely.

Jon Carnes