[SUMMARY] NIS+ grant only certain user access to certain server

From: Robert Polasek (robert.polasek@trintech.com)
Date: Thu Nov 23 2000 - 05:56:36 CST


Thank you to Luca Pizzinato and Darren Dunham for their answers.
Copy of Luca's answer follows.

First, modify your passwd and group entries in /etc/nsswitch.conf on BOTH
master and clients as follows:
 
passwd: compat
passwd_compat: nisplus
 
group: compat
group_compat: nisplus
                           
You can type man nsswitch.conf for more details. This syntax will let you
use netgroups in your local passwd files.
Then create for example 2 netgroups, on the first you include john and bob,
on the second only bob:

nistbladm -a name=firstnetgr user=john netgroup.org_dir
nistbladm -a name=firstnetgr user=bob netgroup.org_dir
nisping org_dir

nistbladm -a name=secondnetgr user=bob netgroup.org_dir
nisping org_dir

Then, on the master:/etc/passwd, you include the netgroup at the end
+@firstnetgr:x:::::

On the clients, you include the second netgroup:
+@secondnetgr:x:::::

Don't forget to add +@firstnetgr:::::::: and +@secondnetgr:::::::: to the
shadow files, and a + to all /etc/group

Done. Since john and bob are part of firstnetgr they will login to master,
but only bob will login to the clients since only bob is part of
secondnetgr.
You can also do very nice things with netgroups: suppose you include mark to
secondnetgr. mark will login to all clients. However if you want to prevent
mark from logging into 1 specific client, you just include this in the local
/etc/passwd:
-mark:x:::::
+@secondnetgr:x:::::
(don't forget the shadow) Since -mark comes before +@secondnetgr, he's locked
out. bob will be granted access as before.

========Original question ===============

Hello everybody,

I have a NIS+ master server running on a Sun box. I use another Sun box as a
NIS+ client. I'd like to restrict access to the client box to certain users only.
How can I do it?
For example: On the master server I have accounts for users John and Bob. But I
want to enable login on the client box only to user Bob. Is it possible?
Is it also possible to restrict login on the NIS+ master server?

Thanks in advance for your answers.

Regards
        Robert
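
An added example (not part of the original post): a simplified model of how a compat-mode passwd file is read top to bottom, useful for checking which NIS+ users resolve on each host before the files are deployed. It uses the +@netgroup, +user and -user entry forms from passwd(4); the netgroup membership, the root line, the host names and the function names are constructed for illustration.

```python
# Added example: simplified model of a passwd "compat" lookup, per passwd(4).
# Netgroups, accounts and host files are constructed sample data.
NETGROUPS = {"firstnetgr": {"john", "bob"}, "secondnetgr": {"bob", "mark"}}
NISPLUS_USERS = {"john", "bob", "mark"}  # accounts in the NIS+ passwd table
ROOT = "root:x:0:1:Super-User:/:/sbin/sh"

HOSTS = {
    "master": [ROOT, "+@firstnetgr:x:::::"],
    "client": [ROOT, "+@secondnetgr:x:::::"],
    "client_no_mark": [ROOT, "-mark:x:::::", "+@secondnetgr:x:::::"],
    # Failure mode: the exclusion comes after the inclusion, so it is too late.
    "client_wrong_order": [ROOT, "+@secondnetgr:x:::::", "-mark:x:::::"],
}

def resolves(passwd_lines, user):
    """Return True if `user` gets a passwd entry from this file."""
    excluded = set()
    for line in passwd_lines:
        name = line.strip().split(":", 1)[0]
        if name.startswith("-@"):        # -@netgroup: exclude its members
            excluded |= NETGROUPS.get(name[2:], set())
        elif name.startswith("-"):       # -user: exclude one user
            excluded.add(name[1:])
        elif name.startswith("+"):
            if name == "+":              # bare +: every account in the table
                included = NISPLUS_USERS
            elif name.startswith("+@"):  # +@netgroup: its members only
                included = NETGROUPS.get(name[2:], set()) & NISPLUS_USERS
            else:                        # +user: a single account
                included = {name[1:]} & NISPLUS_USERS
            if user in included and user not in excluded:
                return True
        elif name == user:               # ordinary local account
            return True
    return False

def access_matrix():
    """Map each sample host to the NIS+ users that resolve on it."""
    return {host: sorted(u for u in NISPLUS_USERS if resolves(lines, u))
            for host, lines in HOSTS.items()}

if __name__ == "__main__":
    for host, users in access_matrix().items():
        print(f"{host:20} {', '.join(users)}")
```

The client_wrong_order file shows why the -mark line has to sit above the netgroup line: placed below it, mark still resolves.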