rickh@b11.ingr.com (Rick Hopkins) (10/17/90)
When using NIS, can you override the password, uid, and gid fields in the password file for NIS users? If you can override these fields, doesn't that defeat the purpose of NIS? I believe you can override the comment, login directory, and shell fields. Example of passwd file . (local users) . +yp1::::yp1 user:/usr2/yp1:/bin/ksh +yp2:abc123::::: +yp3::12345:::: +yp4:::1000::: +:::::: Where: yp1 will have yp1 user in the comment field, /usr2/yp1 in the dir field, and /bin/ksh in the shell field regardless of the information in the NIS maps. yp2 will have an encrypted password in the password field regardless of the NIS maps. yp3 will have 12345 in the uid field regardless of the NIS maps. yp4 will have 1000 in the gid field regardless of the NIS maps. The rest of the NIS users will get there info via the maps. Rick Hopkins b11!seminole!rick@ingr.com
thurlow@convex.com (Robert Thurlow) (10/18/90)
In <9101@b11.ingr.com> rickh@b11.ingr.com (Rick Hopkins) writes: >When using NIS, can you override the password, uid, and gid fields in >the password file for NIS users? If you build a passwd on the client that doesn't have any lines that start with '+', you won't even reference NIS; it'll be like you're a standalone machine as far as password administration goes. The password routines in libc are written to only look to NIS when they read a '+' marker line from the local /etc/passwd file. The rules on how each flat file and map interact vary from case to case. >If you can override these fields, doesn't that defeat the purpose of NIS? Not at all; putting the password administration into NIS was meant to ease the task of system administration, not help sysadmins on master NIS servers become little Nazis :-) The idea is to rake together all common information into one place, and it's important to leave hooks for local control of passwords. It isn't important at all for something like /etc/hosts; you'd hate to have two different Internet addresses for a host running around. Rob T -- Rob Thurlow, thurlow@convex.com or thurlow%convex.com@uxc.cso.uiuc.edu ---------------------------------------------------------------------- "This opinion was the only one available; I got here kind of late."
roy@phri.nyu.edu (Roy Smith) (10/18/90)
thurlow@convex.com (Robert Thurlow) writes: > It isn't important at all for something like /etc/hosts; you'd hate to > have two different Internet addresses for a host running around. No, but it is convenient to be able to have each machine have a different address coresponding to things like "dumphost", "loghost", etc. If your YP-based gethostbyname reads your local /etc/hosts first and then the YP hosts map, it's easy to do this. If it only looks at the YP map, you have to invent different YP domains for each dumphost alias. DNS has the same problem (and solution) that YP has. -- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY 10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy "Arcane? Did you say arcane? It wouldn't be Unix if it wasn't arcane!"