Here's a useful answer I received from:
> t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy
> coordinated science laboratory <> university of illinois
> cryptography and information protection
I've received his permission to pass it along to the list.
> Okay -- I understand now. You have an "accounts" server running NIS and
> radius. Then, you have email, web, etc, acting as clients, and using this
> information. You want a way to easily maintain the NIS accounts from the
> accounts server.
>
> To make a long story short -- there's no easy way. The "proper" way to
> administer NIS is to manually edit the files in /var/yp/..., and then do a
> "cd /var/yp; make" to update the maps, and push data to NIS slaves (which
> you don't have).
>
> If you want to reset passwords, use the 'yppasswd' command on the server.
>
> For some of the other tasks, I'd suggest writing some simple shell scripts
> to do the job, if you don't like manually editing the files. For example,
> save the following in /usr/bin/chsh-yp, and make it executable (update the
> PW_FILE variable first!):
>
> ------ chsh-yp ------
> #!/bin/sh
>
> PW_FILE=/var/yp/domain.net/passwd
>
> rm -f /tmp/chsh_temp
> grep -v "$1:" $PW_FILE > /tmp/chsh_temp
> grep "$1:" $PW_FILE | awk 'BEGIN { FS = ":" } {print $1 ":" $2 ":" $3 \
> ":" $4 ":" $5 ":" $6}' | xargs -i[] echo "[]:$2" >> /tmp/chsh_temp
> mv /tmp/chsh_temp $PW_FILE
> cd /var/yp
> make
> ---------------------
>
> Now, as root, you can type 'chsh-yp [username] [new-shell]', and this
> script will do all the updating for you.
>
> On your client machines, you'll want to put "passwd: nis" in the
> nsswitch.conf file, and install the radius PAM module. There should be
> documentation for a good PAM config. Something like the following in
> /etc/pam.d/sshd (I don't remember the exact syntax):
> auth sufficient /lib/security/pam_radius.so
> auth required /lib/security/pam_stack.so system-auth
