Operating System - HP-UX
1834280 Members
1963 Online
110066 Solutions
New Discussion

To implement TCB in NIS server

 
Reejesh T V
Occasional Contributor

To implement TCB in NIS server

We are having 60 HP Workstation (C – Class 3700) for mainly using for Unigraphics, Catia & ideas (CAD CAM Software).

One of the workstation we converted as a NIS server & all users configured in that. So each workstation is configured

As NIS client. In this setup we have to implement Trusted System (TCB) . The problem is when I convert a TCB in
any one of the workstation ( NIS Client) it is not accepting and giving error as NIS cannot be configured because this host is a trusted system. That is simply either NIS work or Trusted System Work ??

So suggest me is it possible to implement TCB in NIS server atleast or How could be this implemented in a better way.


Regards,

Reejesh.
3 REPLIES 3
Sudeesh
Respected Contributor

Re: To implement TCB in NIS server

A trusted system is only supported using NIS+ and not NIS.


Sudeesh
The most predictable thing in life is its unpredictability
Patrick Wallek
Honored Contributor

Re: To implement TCB in NIS server

You best bet would be to go with something like LDAP.

NIS is NOT supported in a trusted system environment.
vinod_25
Valued Contributor

Re: To implement TCB in NIS server

hi reejesh

Unfortunately, using shadow passwords and NIS is not
supported. You would have to trust the system to use them.

This combination is supported, however, at HP-UX 11.0 using
NIS+. The following information is from the 11.0 release notes:

NIS+ and the Name Service Switch
************************************************************************
All of the public getprpw* and putprpw* APIs are aware of the Name
Service Switch and can be used in a distributed environment using NIS+.
You can centrally administer a subset of security attributes from any
NIS+ server or any authenticated client. You can configure C2/NIS+
operations via the /etc/nsswitch.conf file. This configuration file can
be configured to obtain protected password information from local files
or NIS+ tables.

libsec uses the NIS+ password table and HP's proprietary trusted table.
The password table contains a subset of trusted mode security attributes
in the shadow column to handle password aging. The trusted table
contains a different subset of security attributes that can be
administered centrally in an NIS+ namespace.

If NIS+ is configured, libsec's public APIs can obtain protected
password information from three different areas: local system, password
tables, and trusted tables (depending on the configuration of the
/etc/nsswitch.conf file).

libsec does not contain any reference to NIS+ library calls and it is
entirely dependent on the Name Service Switch for multi-user mode. The
switch directs libsec to the correct repository where protected password
information resides.

In single-user-mode, trusted mode and NIS+ is not supported. Also, the
archive version of libsec (libsec.a) does not support NIS+.
libsec only supports NIS+, not NIS(YP). An above-average level of
understanding of NIS+ is required to administer trusted mode in a
distributed environment. If you use libsec, you must understand the
relationship of NIS+ and the Name Service Switch and configuration of
NIS+. Some protected password information might not be returned by the
public APIs if the switch is used and NIS+ is not configured.

regards

Vinod K