NIS Client Configuration with authconfig

authconfig stands for "Authentication Configuration" and makes interfacing with the NIS system easy. Once you are correctly communicating with the NIS system, you can use the network's preset information for usernames, passwords, hostnames, and other categories. To run authconfig, you must be logged in as root and type the full path,

/usr/sbin/authconfig

,
unless

/usr/sbin

is in your PATH variable.

• authconfig make interfacing with NIS System easy:
  Authconfig is a command-line tool in Red Hat Linux that simplifies the configuration of various system authentication and identification services, including NIS (Network Information Service). Authconfig provides an easy way to configure the system to use NIS for user authentication and other system entities, by automating the process of modifying various configuration files. When configuring NIS with authconfig, the tool modifies several files, including the /etc/nsswitch.conf file, which specifies the order in which various databases and services are consulted when looking up system entities. Authconfig adds the "nis" keyword to the appropriate lines in the file, indicating that NIS should be used as a source of information. Authconfig also modifies the /etc/sysconfig/network file to specify the name of the NIS domain to use for authentication, as well as the /etc/yp.conf file to specify the NIS server hostname or IP address. By using authconfig, the process of configuring NIS becomes much easier and less error-prone, as the tool handles all the necessary modifications to the configuration files. This can be especially useful in large-scale deployments where multiple systems need to be configured to use NIS.

In Red Hat Linux, NIS (Network Information Service) domains can be specified in several ways, depending on the context in which they are used. One way to specify an NIS domain is by modifying the

/etc/sysconfig/network

file. This file contains various network-related configuration settings, including the hostname and domain name of the system. To specify the NIS domain, add the following line to the file:

NISDOMAIN=<domain_name>

Replace <domain_name> with the name of the NIS domain. This setting tells the system which NIS domain to use for authentication and other system entities. Another way to specify an NIS domain is by modifying the

/etc/yp.conf 

file. This file contains configuration settings for the NIS client, including the hostname or IP address of the NIS server and the name of the NIS domain. To specify the NIS domain, add the following line to the file:

domain <domain_name> server <server_name>

Replace <domain_name> with the name of the NIS domain and <server_name> with the hostname or IP address of the NIS server. This setting tells the NIS client which domain to use when looking up information in the NIS database. Finally, the NIS domain can also be specified in the authconfig command when configuring the system to use NIS. For example, to configure the system to use NIS with the domain "example.com", run the following command:

authconfig --enablenis --nisdomain example.com

This command configures the system to use NIS for authentication and other system entities, and specifies the NIS domain as "dispersednet.com".
An NIS domain is a group of computers using the same NIS server for a given type of information; it does not necessarily contain the same hosts as the TCP/IP domain, although administrators often use the same names for clarity. If your network uses NIS, the network administrator should provide you with the NIS domain name to use.

To install and build the NIS database, run the ypinit command. To start the ypinit program, type the following:

# /usr/lib/yp/ypinit -m

The ypinit command should automatically choose your host name to use as an NIS server. After that, it asks you to add slave servers. Add one at a time; then press Ctrl+D after you have entered your last slave server. Verify that the list of NIS servers is correct (type y). The database is built at this point. A new directory that has the name of your NIS domain is created in /var/yp. For example, if your NIS domain name is trident, the directory is /var/yp/trident. All maps built are then placed in that directory.

• Adding NIS slave servers: In Red Hat Linux, NIS is configured to have a master NIS server and no slave NIS servers. You can allow your NIS maps to be pushed to one or more slave servers by setting NOPUSH=false in the /var/yp/Makefile file. After that, you need to add the names of the slave servers to your /var/yp/ypservers file. You can either add the hostnames manually or have them added automatically when you run the ypinit command later.

Network Information System (NIS) is designed to centralize administration of UNIX-like systems such as

1. Solaris
2. HP-UX,
3. AIX,
4. Linux,
5. NetBSD,
6. OpenBSD, and
7. FreeBSD.

NIS was originally known as Yellow Pages but the name was changed due to trademark issues. This is the reason why NIS commands begin with yp.
NIS is a Remote Procedure Call (RPC)-based client/server system that allows a group of machines within an NIS domain to share a common set of configuration files. This permits a system administrator to set up NIS client systems with only minimal configuration data and to add, remove, or modify configuration data from a single location.

authconfig gives you the option to use NIS password files instead of local password files. This allows you to keep the same login information across the network. When you use NIS, you must specify your NIS domain and how to reach the NIS server.
There are two ways to specify the NIS server. You can instruct the computer to ask all hosts (broadcast^[1]) on the subnet for NIS information. This method is not preferred because any computer that responds quickly enough will supply network information to your computer. A better way to configure each computer is with the IP address of the NIS server in use. The diagram below describes the options in authconfig.

1. Selecting this option tells Linux to use the standard UNIX password method
2. This option enables the use of NIS for password authentication
3. This is the field for entering the name of your NIS domain. Ask you network administrator for this information.
4. Selecting this option poses a security threat because any computer that answers the broadcast will supply your computer with network information.
5. This field holds the value of your NIS server's IP address. You should set the server's IP address instead of using the insecure broadcast method.
6. Shadow passwords are stored by Linux in a manner that prevents people from simply reading them from a password file. Using NIS with shadow passwords, however, gives up some of this system security.
7. MD5 is another password encryption scheme. Enable this option if you expect to use MD5 passwords for user authentication.

The next lesson shows you how to use the command line to configure an NIS client.

[1]Broadcast: To send information to an IP address that all network hosts listen to. You can broadcast a message across an entire subnet.