Here's a useful answer I received from: > t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy > coordinated science laboratory <> university of illinois > cryptography and information protection
I've received his permission to pass it along to the list. > Okay -- I understand now. You have an "accounts" server running NIS and > radius. Then, you have email, web, etc, acting as clients, and using this > information. You want a way to easily maintain the NIS accounts from the > accounts server. > > To make a long story short -- there's no easy way. The "proper" way to > administer NIS is to manually edit the files in /var/yp/..., and then do a > "cd /var/yp; make" to update the maps, and push data to NIS slaves (which > you don't have). > > If you want to reset passwords, use the 'yppasswd' command on the server. > > For some of the other tasks, I'd suggest writing some simple shell scripts > to do the job, if you don't like manually editing the files. For example, > save the following in /usr/bin/chsh-yp, and make it executable (update the > PW_FILE variable first!): > > ------ chsh-yp ------ > #!/bin/sh > > PW_FILE=/var/yp/domain.net/passwd > > rm -f /tmp/chsh_temp > grep -v "$1:" $PW_FILE > /tmp/chsh_temp > grep "$1:" $PW_FILE | awk 'BEGIN { FS = ":" } {print $1 ":" $2 ":" $3 \ > ":" $4 ":" $5 ":" $6}' | xargs -i[] echo "[]:$2" >> /tmp/chsh_temp > mv /tmp/chsh_temp $PW_FILE > cd /var/yp > make > --------------------- > > Now, as root, you can type 'chsh-yp [username] [new-shell]', and this > script will do all the updating for you. > > On your client machines, you'll want to put "passwd: nis" in the > nsswitch.conf file, and install the radius PAM module. There should be > documentation for a good PAM config. Something like the following in > /etc/pam.d/sshd (I don't remember the exact syntax): > auth sufficient /lib/security/pam_radius.so > auth required /lib/security/pam_stack.so system-auth