HPE Community
Operating System - HP-UX
1826415 Members
3942 Online
109692 Solutions
New Discussion

NIS+ Does it allow for host control within a domain

 
SOLVED
Go to solution
Kirk Reindl
Frequent Advisor

‎08-23-2006 06:35 AM

‎08-23-2006 06:35 AM

NIS+ Does it allow for host control within a domain

Current Specs:

HPUX 11.11
NIS

I have a general question. Our shop currently runs NIS. And it runs just fine, but we are being audited and have been mandated to isolate user accounts to specific servers based on their work function.

To my knowledge NIS doesn't support this.
Does NIS or NIS+ have functionality that will allow me to control access to servers with in a domain?? For example, I don't want a user to have access to all servers in a domain. I want to be able to control this.
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎08-23-2006 06:39 AM

‎08-23-2006 06:39 AM

Solution

Re: NIS+ Does it allow for host control within a domain

Shalom,

You don't want to go NIS+, HP is pulling support for this in the next release of the OS. That and the complexity will give you a big headache.

Alternatives:

LDAP

LDAP will definitely do the job.

Windows ADS Authentication. Not sure, but it is a reasonalble solution for single sign on.

NIS.

Yes NIS will do it.

If you place a local, locked account on the machines the user is not supposed to access, NIS will not permit login of that user to that machine. More exactly, it will prompt for a local password which won't work. It solves the problem short term.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Jeff_Traigle
Honored Contributor

‎08-23-2006 06:43 AM

‎08-23-2006 06:43 AM

Re: NIS+ Does it allow for host control within a domain

I'm sure you can with NIS+, but I don't know how. You can do it in NIS too, however. Define netgroups. Then in your /etc/passwd, you'll enter lines to allow or deny access something like:

+@allowgroup::-2:-2:::
-@denygroup::-2:-2:::

You need to be careful of the order of these and where they are in the passwd file. See the netgroup(4) and passwd(4) man pages for more information. I'd also recommend the O'Reilly NIS and NFS book. (Hopefully they've updated in the past 14 years to make the use of netgroups clearer. When I first configured this back then, I had a heck of a time making it work because the information wasn't accurate as to the formatting of the passwd file entries.)
--
Jeff Traigle
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.