dan@asihub.AUTOSYS.COM (Dan O'Neill) (04/14/90)
Our site is running yellow pages under Ultrix 3.1 and SunOS 4.0 and we
are about to start using netgroups to restrict user access to certain
machines.
Here's the rub: Mail is working great right now, but if I use a
netgroup to remove a user from a system, mail to that user files in
the following manner:
% mail charles
charles... User unknown
This is not unexpected as the password file looks like:
root: [stuff deleted]
uucp: [stuff deleted]
-@guests
+:
Where "charles" is specified in the netgroup "guests".
What I've tried:
Adding an alias for "charles" to the YP alias file. This works in
getting the mail off of this machine and onto the central mailhost
of our network, but then the mail is forwarded to the machine
specified in Charles' .forward file. When the the .forward machine
is reached, it looks at the YP aliases and sends the mail back to
the central mailhost. This loop then continues forever.
What I would like:
If a local (non-Yellowpages) aliases file says "forward mail for
charles to the mailhost:
charles: charles@mailhost
Things work fine. This becomes a maintenance problem for the
systems administrator as alias files suddenly become machine
specific [yuck].
I guess I have two problems here:
1. What is the best way to restrict a group of users from a set of
machines in a single net, Yellowpage'd environment? This
restriction must extend to rcp, rsh and all forms of access to
the system.
2. If netgroups are used to create the restriction, is there any
way to get mail forwarded properly?
Thanks.
--
Dan O'Neill dan@asihub.AUTOSYS.COM {uunet|ncr-sd}!asihub!dan
Automated Systems, Inc. San Diego R&D