This is the fourth part in our series of articles on centralized authentication. In the first two articles on NFS, we described sharing (or exporting) user directories from the server to the client computer (s). Next, we discussed setting up an NIS server to store user authentication data. Now, we will describe the configuration of a client workstation so that authentication does not take place locally, but on the NIS server.
The ypbind package is provided by the OSS repository.
# zypper install ypbind
As with the configuration of the NFS client, we will use the YaST configuration tool (Yet another Setup Tool) in console mode.
Navigate to Network Services using the arrow keys, then press [Enter] to open this category. Similarly, open the NIS Client menu.
Press [Tab] twice and then [Enter] to Activate NIS. Do the same to enter the NIS domain and the address of the NIS server, then confirm with the Finish button.
Restart the client computer to take into account the new configuration.
From there, I can connect to the client workstation. On the amandine.microlinux.lan server, I created a deadly user that I added to the NIS database (cd / var / yp && sudo make).
I am now trying to log in as a jmortreuse user on the NIS client bernadette.microlinux.lan.
[kikinovak @ alphamule: ~] $ ssh xxx @ bernadette
Have a lot of fun …
[xxx @ bernadette: ~] $
I’m showing the name of the NIS server.
[jmortreux @ bernadette: ~] $ ypwhich
To change my password, I can use the passwd command.
[jmortreux @ bernadette: ~] $ passwd
Change of password for xxx.
Current password: ********
New Password : ********
Retype the new password: ********
passwd: password updated successfully
In the default configuration, OpenSUSE’s behavior regarding password changes may have raised some eyebrows in the eyes of system administrators.
Important Passwords are kept in cache by nscd, the Name Service Caching Daemon for performance reasons. The result is that the system administrator does not understand why password changes seem to be taken into account only at random.
For a healthier management of connection information, it is better to deactivate this functionality, by commenting the corresponding line in the file /etc/nscd.conf.
# enable-cache passwd yes
Once the service has been restarted (systemctl restart nscd), password changes are taken into account immediately.