· KLDP.org · KLDP.net · KLDP Wiki · KLDP BBS ·
Linuxdoc Sgml/NIS_debian-KLDP

You are not allowed to 'info'


NIS Debian HOWTO

NIS Debian HOWTO

Miquels, miquels@cistron.nl

v3.2.1-3, 2 Mar 1998 À̹ü¼® shinsuk@ai-cse.sch.ac.kr 12 Dec 1998
ÀÌ HOWTO´Â ´ÙÀ½¿¡ ´ëÇØ ¼³¸íÇÕ´Ï´Ù.

1. Áö¿ª NIS Ŭ¶óÀ̾ðÆ®¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡

  1. netbase, netstd, nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù.
  2. ¼³Ä¡ °úÁ¤¿¡¼­ NIS domainnameÀ» ¹¯½À´Ï´Ù. ÀÌ°ÍÀº NIS¸¦ »ç¿ëÇÒ ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname°ú´Â ´Ù¸¨´Ï´Ù.
  3. ¸¸¾à NIS ¼­¹ö°¡ Áö¿ª ³×Æ®¿öÅ© ¾È¿¡ ÀÖÁö ¾ÊÀ¸¸é ¸î °¡Áö ¹Ì¼¼Á¶Á¤ÀÌ ÇÊ¿äÇÕ´Ï´Ù. ypbind ÇÁ·Î¼¼½º´Â /etc/yp.conf ¶ó´Â ¼³Á¤ ÆÄÀÏÀ» °¡Áö°í ÀÖ½À´Ï´Ù. ¿©±â¿¡ NIS ¼­¹öÀÇ À̸§À» Àû½À´Ï´Ù. - ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â ypbind(8) ¸Å´º¾óÀ» º¸½Ê½Ã¿À.
  4. NIS¸¦ ½ÃÀÛÇÕ´Ï´Ù.
    /etc/init.d/nis stop
    /etc/init.d/nis start
    

2. NIS¸¦ ÅëÇØ ÀÚ¿øÀ» ¾î¶»°Ô ÀÌ¿ëÇϴ°¡

  1. FOR libc6

    /etc/nsswitch.conf ÆÄÀÏÀÇ passwd, group, shadow, netgroup ¿£Æ®¸®¸¦ ´ÙÀ½°ú °°ÀÌ ¹Ù²ß´Ï´Ù.

    passwd:   compat
    group:    compat
    shadow:   compat
    
    netgroup: nis
    

    libc6Àº ÆÄÀϷκÎÅÍ netgroup Á¤º¸¸¦ Àдµ¥ ¸î °¡Áö ¹®Á¦¸¦ °¡Áö°í ÀÖ½À´Ï´Ù. ±×·¯´Ï netgroup ¿£Æ®¸®¿¡ "db"³ª "files"¸¦ ¾²Áö ¸¶½Ê½Ã¿À. ¸ðµç netgroup Á¤º¸´Â NIS ¼­¹ö¸¦ ÅëÇØ ¾ò¾îÁö°Ô µË´Ï´Ù.

  2. USERS: NIS clientsÀÇ /etc/passwd¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù.
    +::::::
    

    »ç¿ëÀÚ(user)ÀÇ Æ÷ÇÔ/Â÷´ÜÀ» À§ÇØ +¿Í - ±âÈ£¸¦ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. »ç¿ëÀÚ guest¸¦ Á¦¿ÜÇÏ·Á¸é /etc/passwd ÆÄÀÏ¿¡ -guest¸¦ Ãß°¡ÇÕ´Ï´Ù. »ç¿ëÀÚ linux°¡ ´Ù¸¥ ½©(e.g. ksg)À» »ç¿ëÇÏ±æ ¿øÇÑ´Ù¸é /etc/passwd¿¡ +linux::::::/bin/ksh¸¦ Ãß°¡ÇØ ÁÖ¸é µË´Ï´Ù. º¯°æÀ» ¿øÇÏÁö ¾Ê´Â Çʵå´Â ºóä·Î ³öµÓ´Ï´Ù.

    ¿¹·Î, miquels, dth, ed¸¸ ·Î±×ÀÎÀ» Çã¶ôÇÏ°í ´Ù¸¥ »ç¿ëÀÚÀÇ °èÁ¤ Á¤º¸¸¸À» À¯ÁöÇÏ·Á¸é:

    +miguels::::::
    +ed::::::
    +dth::::::
    +:*::::::/etc/NoShell
    

    ¿¹¿¡¼­¿Í °°ÀÌ ¸®´ª½º¿¡¼­´Â Æнº¿öµå Çʵ嵵 overrideÇÒ ¼ö ÀÖ½À´Ï´Ù.

  3. GROUPS: /etc/group¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù.
    +:::
    
  4. HOSTS:

    º¸Åë NIS¸¦ ÅëÇØ host lookupÀº ÇÏÁö ¾Ê°í DNS¸¦ »ç¿ëÇÕ´Ï´Ù. ²À NIS¸¦ ÅëÇØ ÇØ¾ß ÇÑ´Ù¸é ¿©±â¼­ ÇϽʽÿÀ.

    • For libc5 applications:

      NIS ¼­¹öÀÇ NIS host ¸ÊÀ» »ç¿ëÇÏ·Á¸é /etc/host.conf¸¦ ¼öÁ¤ÇØ¾ß ÇÕ´Ï´Ù. ´ÙÀ½°ú °°ÀÌ order ÁÙ¿¡ nis¶ó´Â ´Ü¾î¸¦ Ãß°¡ÇÕ´Ï´Ù:

              order hosts,nis
              multi on
              
      

    • For libc6 applications:

      /etc/nsswitch.confÀÇ hosts ¿£Æ®¸®¸¦ ¼öÁ¤ÇÕ´Ï´Ù:

              hosts: nis files
              
      

3. NIS master ¼­¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡

  1. nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù. RPC daemonµé(rpc.portmap)À» ¼³Ä¡Çϱâ À§ÇØ netbase¿Í netstdµµ ¼³Ä¡ÇØ¾ß ÇÕ´Ï´Ù.
  2. master, slave ±¸ºÐ¾øÀÌ NIS ¼­¹ö·Î »ç¿ëµÉ ¸ðµç ½Ã½ºÅÛÀÇ À̸§ÀÌ /etc/hosts ÆÄÀϳ»¿¡ ÀÖ¾î¾ß ÇÕ´Ï´Ù. °¢ IP ÁÖ¼Ò µÚ¿¡ ù ¹ø° hostnameÀÌ FQDN(Fully Qualified Domain Name)À̾î¾ß ÇÏ°í, ±×¿¡ À̾î domainnameÀ» Á¦¿ÜÇÑ hostname¸¸À» ±âÀÔÇÕ´Ï´Ù. ¿¹¸¦ µé¸é:
    192.168.88.10   troi.cistron.nl troi
    

    NIS´Â DNS¸¦ »ç¿ëÇÏÁö ¾Ê±â ¶§¹®¿¡ NIS server ³»ÀÇ NIS host file(º¸Åë /etc/hosts)µµ ÀÌ ¼³Á¤À» ÇØ¾ß ÇÕ´Ï´Ù.

  3. /etc/defaultdomain¿¡ NIS domainÀ» ¼³Á¤ÇÕ´Ï´Ù. NIS domainÀº NIS¸¦ »ç¿ëÇÏ´Â ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname°ú´Â ´Ù¸¨´Ï´Ù. ÀÌ°ÍÀº º¸Åë DNS domainnameÀ» ÀÌ°Í¿¡µµ »ç¿ëÇÕ´Ï´Ù.

    ÀÌ°ÍÀº ¸¹Àº »ç¶÷µé¿¡ ÀÇÇØ º¸¾È À§ÇèÀ» ÁöÀûµÇ°í ÀÖ½À´Ï´Ù. domainnameÀ» ¾Æ´Â °Í¸¸À¸·Î ¿ø°ÝÁö¿¡¼­ NIS server¿¡ query¸¦ º¸³»°í NIS ¸ÊµéÀ» ¹ÞÀ» °¡´É¼ºÀÌ Àֱ⠶§¹®ÀÔ´Ï´Ù. ÀÌ°ÍÀ» ¸·±âÀ§ÇØ ¸ðÈ£ÇÑ domainnameÀ» ¼±ÅÃÇؼ­´Â ¾ÈµË´Ï´Ù. ´ÜÁö Áö¿ª ³×Æ®¿öÅ© ÀÌ¿Ü¿¡¼­ NIS ¼­¹ö¿¡ Á¢±ÙÇÒ ¼ö ¾øµµ·Ï ÇÏ¸é µË´Ï´Ù.

  4. /etc/init.d/nis ÆÄÀÏ ³»ÀÇ ypserv¸¦ master·Î (ypserv=master) ¼³Á¤ÇÕ´Ï´Ù.
  5. À§¿¡¼­ ¸»ÇÑ °Í°ú °°ÀÌ, Áö¿ª ³×Æ®¿öÅ© ¹øÈ£¸¦ /etc/ypserv.securenets¿¡ Ãß°¡ÇÕ´Ï´Ù. ±âº»°ªÀ¸·Î ¸ðµç ½Ã½ºÅÛÀÌ NIS server¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï µÇ¾î ÀÖÁö¸¸ ÀÌ·¸°Ô ÇÏÁö ¾Ê´Â °ÍÀ» ±ÇÀåÇÕ´Ï´Ù.

    º¸¾ÈÀÇ °­È­¸¦ À§ÇØ /etc/ypserv.conf ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿© password¸¦ ³ª¿ÀÁö ¾Êµµ·Ï(mangle)ÇÒ ¼ö ÀÖ½À´Ï´Ù. (³×Æ®¿öÅ© ³»¿¡ µ¥ºñ¾ÈÀÌ ¾Æ´Ñ slave serverµéÀÌ ÀÖÀ» ¶§¿¡´Â ÀÌ°ÍÀ» »ç¿ëÇؼ­´Â ¾ÈµË´Ï´Ù.)

  6. "/usr/lib/yp/ypinit -m"À» ÀÔ·ÂÇÏ¿© ¼­¹ö¸¦ ¼³Á¤ÇÕ´Ï´Ù.
  7. ´ÙÀ½À» ÀÔ·ÂÇÏ¿© ¼­¹ö¸¦ ½ÃÀÛÇÕ´Ï´Ù.
    /etc/init.d/nis stop
    /etc/init.d/nis start
    

    ¼­¹ö(ypserv)¿Í Æнº¿öµå µ¥¸ó(yppasswdd)ÀÌ ½ÃÀ۵˴ϴÙ.

    NIS ¼­¹ö¿¡ÀÇ Á¢±ÙÀ» Á¦ÇÑÇϱ⸦ ¿øÇϸé NIS ¼­¹ö¸¦ Ŭ¶óÀ̾ðÆ®¿Í ¸¶Âù°¡Áö·Î ypbind¸¦ ½ÇÇàÇÏ°í /etc/passwd ÆÄÀÏÀÇ Áß°£¿¡ plus-entries¸¦ Ãß°¡ÇÏ¿© ¼³Á¤ÇÕ´Ï´Ù. ¶óÀ̺귯¸® ÇÔ¼ö´Â ù ¹ø° NIS entry ÈÄÀÇ ¸ðµç normal entries¸¦ ¹«½ÃÇÏ°í, ³ª¸ÓÁö¸¦ NIS¸¦ ÅëÇØ ¾ò°Ô µË´Ï´Ù. ÀÌ ¹æ¹ýÀº NIS¿¡ÀÇ Á¢±Ù ±ÔÄ¢À» °ü¸®ÇÏ´Â ¹æ¹ýÀÔ´Ï´Ù.

    ¿¹:

            root:x:0:0:root:/root:/bin/bash
            daemon:*:1:1:daemon:/usr/sbin:
            bin:*:2:2:bin:/bin:
            sys:*:3:3:sys:/dev:
            sync:*:4:100:sync:/bin:/bin/sync
            games:*:5:100:games:/usr/games:
            man:*:6:100:man:/var/catman:
            lp:*:7:7:lp:/var/spool/lpd:
            mail:*:8:8:mail:/var/spool/mail:
            news:*:9:9:news:/var/spool/news:
            uucp:*:10:50:uucp:/var/spool/uucp:
            nobody:*:65534:65534:noone at all,,,,:/dev/null:
            +miquels::::::
            +:*:::::/etc/NoShell
            [ All normal users AFTER this line! ]
            tester:*:299:10: Just a test account:/tmp:
            miquels:1234567890123:101:10:Miquel van Smooreburg:/home/miquels:/bin/zsh
    

    »ç¿ëÀÚ tester´Â Á¸ÀçÇÏÁö¸¸, ½©ÀÌ /etc/NoShell·Î ÁöÁ¤µÇ¾î ÀÖ°í, miguels´Â º¸Åë Á¢±ÙÀ» °®°Ô µË´Ï´Ù.

    ´Ù¸¥ ¹æ¹ýÀ¸·Î, /var/yp/MakefileÀ» ¼öÁ¤ÇÏ°í NIS°¡ ´Ù¸¥ Æнº¿öµå ÆÄÀÏÀ» »ç¿ëÇϵµ·Ï ¼³Á¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. Å« ½Ã½ºÅÛ¿¡¼­´Â, NIS Æнº¿öµå¿Í ±×·ìÆÄÀÏÀ» ÀϹÝÀûÀ¸·Î /var/yp/ypfiles/¿¡ ÀúÀåÇÕ´Ï´Ù. ÀÌ°ÍÀ» »ç¿ëÇÒ °æ¿ì¿£ Æнº¿öµå ÆÄÀÏÀ» °ü¸®ÇÏ´Â "passwd", "chfn", "adduser"µîÀÇ ÀÏ¹Ý °ü¸® µµ±¸¸¦ ´õÀÌ»ó »ç¿ëÇÒ ¼ö ¾ø°Ô µÇ¾î Ưº°ÇÑ µµ±¸¸¦ Á÷Á¢ ¸¸µé¾î »ç¿ëÇØ¾ß ÇÕ´Ï´Ù.

    ±×·¯³ª yppasswd, ypchsh, ypchfnÀº yppasswdd¸¦ -D ¿É¼ÇÀ¸·Î NIS Æнº¿öµå¿Í ½¦µµ¿ìÀÇ À§Ä¡¸¦ ÁöÁ¤ÇÏ¸é »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ À¯Æ¿¸®Æ¼µé°ú yppasswdd µ¥¸óÀÇ µ¥ºñ¾È ¹öÀüÀº ºñÇ¥ÁØ È®ÀåÀ» °¡Áö°í ÀÖ½À´Ï´Ù. "Root"´Â root Æнº¿öµå¸¦ »ç¿ëÇÏ¿© ´Ù¸¥ »ç¶÷µéÀÇ Æнº¿öµå, finger Á¤º¸¿Í ½©À» º¯°æÇÒ ¼ö ÀÖ½À´Ï´Ù.

    NIS Æнº¿öµå ÆÄÀÏÀ» Á÷Á¢ ¼öÁ¤Çϰųª Ç¥ÁØ /etc/passwd ÆÄÀÏÀ» »ç¿ëÇÑ´Ù¸é, NIS ¼Ò½º ÆÄÀÏÀÌ ÀÌ ÁßÀÇ Çϳª¶óµµ º¯°æµÈ ÈÄ /var/yp µð·ºÅ丮¿¡¼­ make¸¦ ½ÇÇà½ÃÄÑ NIS ¸ÊÀ» °»½ÅÇØ¾ß ÇÏ´Â °ÍÀ» ±â¾ïÇϽʽÿÀ. ÀÌ°ÍÀº cronÀ¸·Î ¹ã¿¡ ¼öÇà½ÃÄÑ ÃÖ½ÅÀÇ NIS ¸ÊÀ» À¯ÁöÇϵµ·Ï ÇÏ´Â °ÍÀÌ Àû´çÇÕ´Ï´Ù.

4. SHADOW PASSWORDS

¸®´ª½º libc5´Â ½¦µµ¿ì NIS ¸ÊÀ» Áö¿øÇÏÁö ¾Ê½À´Ï´Ù. libc5¿¡ Á¾¼ÓÀûÀÎ ÀÀ¿ë ÇÁ·Î±×·¥À» »ç¿ëÇÒ °æ¿ì¿£ ½¦µµ¿ì NIS ¸ÊÀ» »ç¿ëÇؼ­´Â ¾ÈµË´Ï´Ù. ´ë½Å ´ÙÀ½ÀÇ ¹æ¹ýµéÀ» »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.

  1. SHADOW-LIKE SECURITY NIS°¡ Æнº¿öµå¸¦ ã´Â °ÍÀ» "mangling"ÇÏ¿© ½¦µµ¿ì¿Í ºñ½ÁÇÑ º¸¾ÈÀ» Á¦°øÇÒ ¼ö ÀÖ½À´Ï´Ù. "ypserv.conf" ¸ÇÆäÀÌÁö¿Í /etc/ypserv.confÀÇ ÁÖ¼®À» Àо½Ê½Ã¿À.
  2. REAL SHADOW SUPPORT libc6Àº NIS ³»¿¡ ½¦µµ¿ì Áö¿øÀÌ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. ÀÌ°ÍÀº ´ç½ÅÀÌ ¿øÇÏ´Â °Í°ú °°ÀÌ µ¿ÀÛÇÒ °ÍÀÔ´Ï´Ù; NIS ¼­¹ö·ÎºÎÅÍ ½¦µµ¿ì¸¦ ¹Þ¾Æ »ç¿ëÇϱ⸸ ÇÏ¸é µË´Ï´Ù. ½¦µµ¿ì ¸ÊÀº makedbm¿¡ ¿É¼Ç "-s"(secure)¸¦ ÁÖ¸é ¸¸µé¾î Áý´Ï´Ù. ÀÌ°ÍÀº ÇöÀçÀÇ ¸ðµç /var/yp/Makefile³»¿¡¼­ ÀÚµ¿À¸·Î ¼öÇàµË´Ï´Ù.

    ÁÖ)½¦µµ¿ì Æнº¿öµå¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é 2.2¿Í °°Àº "plus" entries¸¦ /etc/passwd ¿Í /etc/shadow ¸ðµÎ¿¡ Ãß°¡½Ãų ÇÊ¿ä°¡ ÀÖ½À´Ï´Ù. ¿Ã¹Ù¸¥ ÇüÅ·ΠÃß°¡ÇϽʽÿÀ; passwd¿Í shadowÆÄÀÏÀº ´Ù¸¥ ÇʵåµéÀ» °¡Áö°í ÀÖ½À´Ï´Ù.

5. HOW TO SETUP A NIS SLAVE SERVER

  1. ¸ÕÀú, ½Ã½ºÅÛÀ» NIS Ŭ¶óÀ̾ðÆ®·Î ¼³Á¤ÇϽʽÿÀ(1À» º¸½Ê½Ã¿À).
  2. À̾ À§¿¡ ¼³¸íÇѵ¥·Î 3.1ºÎÅÍ 3.5±îÁö ¼³Á¤ÇϵÇ, 3.4¿¡¼­ /etc/init.d/nis ÆÄÀϳ»ÀÇ ypserv¸¦ slave(ypserv=slave)·Î ¼³Á¤ÇϽʽÿÀ.
  3. µ¥¸óÀ» ½ÇÇàÇÏ°í ÃʱâÈ­ÇϽʽÿÀ.
    /etc/init.d/nis stop
    /etc/init.d/nis start
    /usr/lib/yp/ypinit -s <ÁÖ NIS ¼­¹ö À̸§>
    
  4. ÀÌÁ¦ ÁÖ NIS ¼­¹ö¿¡ Á¾ NIS ¼­¹ö Áö¿øÀ» ¼³Á¤ÇÕ´Ï´Ù. ¸ÕÀú ÁÖ NIS ¼­¹ö¿¡ ÀÖ´Â NIS MakefileÀ» Á¶Á¤ÇÏ¿© ¾ÕÀ¸·ÎÀÇ ¸ðµç °»½ÅµÈ Á¤º¸¸¦ ÀÚµ¿À¸·Î Á¾ NIS ¼­¹ö¿¡ Àü´ÞÇϵµ·Ï ÇÕ´Ï´Ù. /var/yp/Makefile³»ÀÇ NOPUSH º¯¼ö¸¦ ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇϽʽÿÀ.
    NOPUSH="false"
    

    ÀÌÁ¦ ÁÖ ¼­¹ö´Â "/usr/lib/yp/ypinit -m" ¸í·É ½ÇÇàÀ¸·Î Á¾ ¼­¹öµéÀÇ Á¤º¸¸¦ Àü´ÞÇÕ´Ï´Ù. Á¾ ¼­¹öµéÀÇ À̸§À» ÀÔ·ÂÇϽʽÿÀ. ¸ÊÀ» ´Ù½Ã ¸¸µé¾î Á¾ ¼­¹ö·Î ÀڷḦ Àü´ÞÇÕ´Ï´Ù.

  5. Á¾ ¼­¹öÀÇ ·çÆ® crontab¿¡ ´ÙÀ½À» Ãß°¡ÇÕ´Ï´Ù. (crontab -e)
    20 *     * * * /usr/lib/yp/ypxfr_1perhour
    40 5     * * * /usr/lib/yp/ypxfr_1perday
    55 6, 18 * * * /usr/lib/yp/ypxfr_2perday
    

    ÀÌ°ÍÀº ¸ðµç NIS ¸ÊµéÀÌ ÃֽŠÁ¤º¸·Î °»½ÅµÇµµ·Ï Çϸç, Á¤º¸ °»½Å½Ã Á¾ ¼­¹öÀÇ ´Ù¿îÀ¸·Î ºüÁø Á¤º¸µµ °»½ÅµË´Ï´Ù.


ID
Password
Join
He who has imagination without learning has wings but no feet.


sponsored by andamiro
sponsored by cdnetworks
sponsored by HP

Valid XHTML 1.0! Valid CSS! powered by MoniWiki
last modified 2003-08-10 11:52:30
Processing time 0.0015 sec