Unix OS
--
Questions
--
Followers
Top Experts
Deleting a NIS user
Can some one tell me how to delete a NIS user?
would a userdel -r username do it?
I am just curious whether I would need to run a make on the NIS maps again so that the maps are reconstructed with the new passwd and shadow files else it appears to me that the NIS maps would still authenticate users which are outdated and put them on / as Home is gone.
Just a make would do it or do I need to something else
Is there any other way I can delete a NIS user?
Thanks.
would a userdel -r username do it?
I am just curious whether I would need to run a make on the NIS maps again so that the maps are reconstructed with the new passwd and shadow files else it appears to me that the NIS maps would still authenticate users which are outdated and put them on / as Home is gone.
Just a make would do it or do I need to something else
Is there any other way I can delete a NIS user?
Thanks.
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Ooops, I did not see the first response. Heh, anyway, both methods work.
Ok! One more Quick Doubt. If I set up a password for a new user using passwd and do a make, the user can log in initially with the password. If he changes his password and does a passwd would it just change the /etc/shadow file or will ypxfr and ypupdate take care of updating the NIS maps when some one does a passwd.
Thanks.
Thanks.
I believe if he is one any machine but the master NIS server it will change his NIS password. If it is done on the Master NIS server it will only affect the local /etc/shadow file unless that is your actual NIS map. (ie: you did not move it to a subdirectory somewhere)
You can explicitly specify what password to change as well:
passwd -r files # this will only affect the local /etc/passwd and /etc/shadow files.
passwd -r nis # will change NIS password
yppasswd # will change NIS password
Do a 'man passwd' for a full list of options.
-Chuck
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
I understand that a Solaris system running as a NIS client will automatically route password changes through NIS, so that changes are made to the NIS passwd file. We reset user's passwords for them using the passwd command as root on the NIS master.
However if the client is of another flavour you may have to use the yppasswd command (Irix for certain) as passwd only affects the local files.
However if the client is of another flavour you may have to use the yppasswd command (Irix for certain) as passwd only affects the local files.
Yea, under Linux you will have to use yppasswd. I was assuming you were using Solaris since this was the Solaris group.
Hope this help.
CC
Ok I am increasing 20 more points as I didnt want to create a new thread. ypcat passwd as a normal user is showing the encrypted passwords. Does NIS believes that all its users to be good? (or) Am I missing something here?
Thanks..
Thanks..
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
ypcat merely lists the values in the corresponding NIS map. So doing a 'ypcat passwd' is essential the same as 'cat /etc/passwd' on a non-NIS system.
Every user retured from 'ypcat passwd' is a valid NIS user provided the user has a corresponding entry in the shadow file on this NIS server and it is not locked. Also, if you are using netgroups you can also control user access.
As root, just try to 'su - <username>' of a user that is only defined in NIS.
Oh yea, one last thing. Each nis client needs to have /etc/nsswitch.conf updated to use nis.
-Chuck
That's NIS, NIS+ is more secure, and easier to manage. I agreed with the following statements:
#-------------------------
With NIS you get the encrypted passwords in a publicly readable NIS
map, so you loose the security you got with /etc/shadow where the
passwords were not readable by ordinary users. With NIS any user can
ypcat passwd and save the output to file. And then run crack....
Besides, if you don't have a properly set up firewall, then anyone on
the net who can guess your NIS domain name can connect to your NIS
servers and fetch the maps...
With NIS+ it depends on the authentication level. If it runs at the
lowest level (or NIS compatibility mode) security is no better than
with NIS. In a pure NIS+ environment you have access bits on each
table, row column and cell. So the encrypted passwd field in the passwd
map will only be readable to admin users and the user who owns the
password. Ordinary users will not see other users encrypted
passwords. The NIS+ servers also requires that the client machines
authenticate themselves before they can do NIS+ lookups.
To read the Full DOC:
http://aa11.cjb.net/sun_managers/1999/11/msg00543.html
#-------------------------
Information about how to setup NIS+ and use it (step by step instructions, very good):
http://www.eng.auburn.edu/users/rayh/solaris/NIS+_FAQ.html
#-------------------------
With NIS you get the encrypted passwords in a publicly readable NIS
map, so you loose the security you got with /etc/shadow where the
passwords were not readable by ordinary users. With NIS any user can
ypcat passwd and save the output to file. And then run crack....
Besides, if you don't have a properly set up firewall, then anyone on
the net who can guess your NIS domain name can connect to your NIS
servers and fetch the maps...
With NIS+ it depends on the authentication level. If it runs at the
lowest level (or NIS compatibility mode) security is no better than
with NIS. In a pure NIS+ environment you have access bits on each
table, row column and cell. So the encrypted passwd field in the passwd
map will only be readable to admin users and the user who owns the
password. Ordinary users will not see other users encrypted
passwords. The NIS+ servers also requires that the client machines
authenticate themselves before they can do NIS+ lookups.
To read the Full DOC:
http://aa11.cjb.net/sun_managers/1999/11/msg00543.html
#-------------------------
Information about how to setup NIS+ and use it (step by step instructions, very good):
http://www.eng.auburn.edu/users/rayh/solaris/NIS+_FAQ.html
Ok! As soon as posted this Encrypted password thing I logged on to some machine which uses NIS(other domain) and did a ypcat passwd. I can even get the root password ,ofcourse so is the one I am on. So the bottomline is either believe your users to be good/upgrade to NIS+. My /etc.nsswithc.conf is good.
Thanks.
Thanks.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
I couldnt accept 2 answers one for the make and for the ypcat passwd. Both of you guys are great!
Unix OS
--
Questions
--
Followers
Top Experts
Unix is a multitasking, multi-user computer operating system originally developed in 1969 at Bell Labs. Today, it is a modern OS with many commercial flavors and licensees, including FreeBSD, Hewlett-Packard’s UX, IBM AIX and Apple Mac OS-X. Apart from its command-line interface, most UNIX variations support the standardized X Window System for GUIs, with the exception of the Mac OS, which uses a proprietary system.