
Quick HOWTO : Ch30 : Configuring NIS/zh

From Ubuntu中文 (Ubuntu Chinese wiki)

Revision by Hnmsky (talk | contributions) as of 11:22, 20 June 2009 (Saturday) (Introduction)



Introduction

Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.

An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.

The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server. A detailed analysis of NIS security is beyond the scope of this book, but I suggest that you restrict its use to highly secure networks or to networks where access to non-NIS networks is highly restricted.
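The second disadvantage can be checked from any bound client. The following is an added example, not part of the original HOWTO: it classifies the password field of each passwd-map entry so that exposed hashes stand out. `ypcat` is the map-dumping command from yp-tools; the function names and the sample entries, including the hash strings, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag password hashes that a NIS passwd map exposes to clients.
# Input is passwd(5) format, e.g. the output of `ypcat passwd` on a bound client.

# Print "user<TAB>status" for every entry read from stdin.
classify_passwd_map() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }      # skip blank lines and comments
        NF < 7 { printf "%s\tmalformed\n", $1; next }
        {
            h = $2
            if (h == "")           s = "EMPTY-PASSWORD"
            else if (h == "x")     s = "shadowed"
            else if (h ~ /^[!*]/)  s = "locked"
            else if (h ~ /^\$1\$/) s = "EXPOSED md5crypt"
            else if (h ~ /^\$5\$/) s = "EXPOSED sha256crypt"
            else if (h ~ /^\$6\$/) s = "EXPOSED sha512crypt"
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "EXPOSED descrypt"
            else                   s = "EXPOSED unknown-scheme"
            printf "%s\t%s\n", $1, s
        }'
}

# Count the entries whose hash is readable by every user of every client.
count_exposed() {
    classify_passwd_map | awk -F'\t' '$2 ~ /^EXPOSED/ { n++ } END { print n + 0 }'
}

# Constructed sample map; the hash strings are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
nisuser:abCONSTRUCTED:504:504::/home/nisuser:/bin/bash
student1:$1$saltsalt$CONSTRUCTEDHASHVALUE00:505:505::/home/student1:/bin/bash
instructor:x:506:506::/home/instructor:/bin/bash
guest:*:507:507::/home/guest:/sbin/nologin
EOF
}

# On a live client, replace sample_map with: ypcat passwd
sample_map | classify_passwd_map
```

Any entry reported as EXPOSED is a hash that every account on every client can read, which is the reason for the advice above to keep NIS on tightly restricted networks.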

The Lightweight Directory Access Protocol (LDAP) offers similar features to NIS but has the advantage of supporting encryption without additional software and can support clients across multiple networks without the need for slave servers. It is for this reason that LDAP has become increasingly popular for this type of application. LDAP is discussed in more detail in Chapter 31, "Centralized Logins Using LDAP and RADIUS".

Scenario

To understand the benefits of NFS, consider an example. A school wants to set up a small computer lab for its students.

  • The main Linux server, bigboy, has a large amount of disk space and will be used as both the NIS server and NFS-based file server for the Linux PCs in the lab.
  • Users logging into the PCs will be assigned home directories on bigboy and not on the PCs themselves.
  • Each user's home directory will be automatically mounted with each user login on the PCs using NFS.
  • The lab instructor will practice with a Linux PC named smallfry before implementing NIS on all the remaining PCs.
  • The suite of NIS RPMs has been installed on the server and client: ypserv and yp-tools are on the server, and ypbind and yp-tools are on the client.

Downloading and installing RPMs isn't hard, as discussed in Chapter 6, "Installing Linux Software". When searching for the RPMs, remember that the filename usually starts with the software package name followed by a version number, as in yp-tools-2.8-3.i386.rpm.

The lab instructor did some research and created an implementation plan:

  1. Configure bigboy as an NFS server to make its /home directory available to the Linux workstations.
  2. Configure smallfry as an NFS client that can access bigboy's /home directory.
  3. Configure bigboy as an NIS server.
  4. Create a user account (nisuser) on bigboy that doesn't exist on smallfry. Convert the account to a NIS user account.
  5. Configure smallfry as an NIS client.
  6. Test a remote login from bigboy to smallfry using the username and password of the account nisuser.

You have the scenario and the plan; it's time to get to work.