From owner-svn-doc-head@FreeBSD.ORG Tue Oct 15 16:57:04 2013 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 140FEC87; Tue, 15 Oct 2013 16:57:04 +0000 (UTC) (envelope-from dru@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 00E1426BC; Tue, 15 Oct 2013 16:57:04 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r9FGv3wj054773; Tue, 15 Oct 2013 16:57:03 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r9FGv3UV054772; Tue, 15 Oct 2013 16:57:03 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201310151657.r9FGv3UV054772@svn.freebsd.org> From: Dru Lavigne Date: Tue, 15 Oct 2013 16:57:03 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42967 - head/en_US.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2013 16:57:04 -0000 Author: dru Date: Tue Oct 15 16:57:03 2013 New Revision: 42967 URL: http://svnweb.freebsd.org/changeset/doc/42967 Log: White space fix only. Translators can ignore. Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Tue Oct 15 16:52:15 2013 (r42966) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Tue Oct 15 16:57:03 2013 (r42967) @@ -600,19 +600,19 @@ server-program-arguments - NFS consists of at least two main - parts: a server and one or more clients. The client remotely - accesses the data that is stored on the server machine. In - order for this to function properly a few processes have to be - configured and running. + NFS consists of at least two main + parts: a server and one or more clients. The client + remotely accesses the data that is stored on the server + machine. In order for this to function properly a few + processes have to be configured and running. - These daemons must be running on the server: - - NFS + These daemons must be running on the server: + + NFS server - - - file server + + + file server UNIX clients @@ -666,21 +666,21 @@ server-program-argumentsRunning &man.nfsiod.8; can improve performance on the client, but is not required. - - Configuring <acronym>NFS</acronym> + + Configuring <acronym>NFS</acronym> - - NFS - configuration - + + NFS + configuration + - Enabling the NFS server - is straightforward. The required processes - can be set to start at boot time by adding - these options to - /etc/rc.conf: + Enabling the NFS server + is straightforward. The required processes + can be set to start at boot time by adding + these options to + /etc/rc.conf: - rpcbind_enable="YES" + rpcbind_enable="YES" nfs_server_enable="YES" mountd_flags="-r" @@ -1037,7 +1037,8 @@ Exports list on foobar: --> - Network Information System (NIS/YP) + Network Information System (NIS/YP) + NIS Solaris HP-UX @@ -1051,14 +1052,13 @@ Exports list on foobar: Network Information System (NIS) - is designed - to centralize administration of &unix;-like - systems such as - &solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, and &os;. - NIS - was originally known as Yellow Pages but the name was changed due to trademark - issues. This is the reason why NIS - commands begin with yp. + is designed to centralize administration of &unix;-like + systems such as &solaris;, HP-UX, &aix;, Linux, NetBSD, + OpenBSD, and &os;. NIS was originally + known as Yellow Pages but the name was changed due to + trademark issues. This is the reason why + NIS commands begin with + yp. NIS @@ -1066,18 +1066,19 @@ Exports list on foobar: NIS is a Remote Procedure Call - (RPC)-based client/server system that allows a group - of machines within an NIS domain to share a common set of - configuration files. This permits a system administrator to - set up NIS client systems with only minimal configuration data - and add, remove or modify configuration data from a single - location. + (RPC)-based client/server system that + allows a group of machines within an NIS + domain to share a common set of configuration files. This + permits a system administrator to set up + NIS client systems with only minimal + configuration data and add, remove or modify configuration + data from a single location. <acronym>NIS</acronym> Terms and Processes - Table 28.1 summarizes the terms and important processes used - by NIS: + Table 28.1 summarizes the terms and important processes + used by NIS: rpcbind @@ -1088,6 +1089,7 @@ Exports list on foobar: <acronym>NIS</acronym> Terminology + @@ -1103,42 +1105,41 @@ Exports list on foobar: NIS domain name - An NIS master server and all of its clients, - including its slave servers, share a NIS domain name - which - does not have anything to do with - DNS. + An NIS master server and all + of its clients, including its slave servers, share a + NIS domain name which does not have + anything to do with DNS. &man.rpcbind.8; This service enables RPC and - must be running - in order to run an NIS server or act as - an NIS client. + must be running in order to run an + NIS server or act as an + NIS client. &man.ypbind.8; - This service binds an NIS client to its NIS - server. It will take the NIS domain name - and use RPC to connect to - the server. It is the - core of client/server communication in an NIS - environment. If this service is not running - on a client machine, it will not be able to access the - NIS server. + This service binds an NIS + client to its NIS server. It will + take the NIS domain name and use + RPC to connect to the server. It + is the core of client/server communication in an + NIS environment. If this service + is not running on a client machine, it will not be + able to access the NIS + server. &man.ypserv.8; - This is the process for - the NIS server. If this service stops running, - the server will no longer be able to - respond to NIS requests so hopefully, there is a slave - server to take over. Some - non-&os; clients + This is the process for the + NIS server. If this service stops + running, the server will no longer be able to respond + to NIS requests so hopefully, there + is a slave server to take over. Some non-&os; clients will not try to reconnect using a slave server and the ypbind process may need to be restarted on these @@ -1148,11 +1149,12 @@ Exports list on foobar: &man.rpc.yppasswdd.8; This process only runs on - NIS master servers. This daemon allows - NIS clients to change their NIS passwords. If this - daemon is not running, users will have to login to the - NIS master server and change their passwords - there. + NIS master servers. This daemon + allows NIS clients to change their + NIS passwords. If this daemon is + not running, users will have to login to the + NIS master server and change their + passwords there. @@ -1163,64 +1165,68 @@ Exports list on foobar: Machine Types + + NIS + master server + + NIS + slave server + NIS - master server - - - NIS - slave server - - - NIS - client - + client + - There are three types of hosts in an NIS environment: + There are three types of hosts in an + NIS environment: - - - NIS master server - - This server acts as a - central repository for host configuration information and - maintains the authoritative copy of the files used by all of the NIS - clients. The passwd, - group, and other various files used - by NIS clients are stored on the master server. While - it is possible for one machine to be an NIS master - server for more than one NIS domain, this - will not be covered in chapter as it - assumes a relatively small-scale NIS - environment. - + + + NIS master server - - NIS slave servers + This server acts as a central repository for host + configuration information and maintains the + authoritative copy of the files used by all of the + NIS clients. The + passwd, group, + and other various files used by NIS + clients are stored on the master server. While it is + possible for one machine to be an NIS + master server for more than one NIS + domain, this will not be covered in chapter as it + assumes a relatively small-scale NIS + environment. + - NIS slave servers maintain copies of the - NIS master's data files in order to provide - redundancy. - Slave servers also help to balance the load of the master server as - NIS clients always attach to the NIS server which - responds first. - + + NIS slave servers - - NIS clients + NIS slave servers maintain copies + of the NIS master's data files in + order to provide redundancy. Slave servers also help to + balance the load of the master server as + NIS clients always attach to the + NIS server which responds + first. + - NIS clients - authenticate against the NIS server - during log on. - - + + NIS clients + + NIS clients authenticate + against the NIS server during log + on. + + - Information in many files can be shared using NIS. - The master.passwd, + Information in many files can be shared using + NIS. The + master.passwd, group, and hosts - files are commonly shared via NIS. Whenever a process on a - client needs information that would normally be found in these - files locally, it makes a query to the NIS server that it is - bound to instead. + files are commonly shared via NIS. + Whenever a process on a client needs information that would + normally be found in these files locally, it makes a query to + the NIS server that it is bound to + instead. @@ -1232,8 +1238,8 @@ Exports list on foobar: machine has its own /etc/passwd and /etc/master.passwd. These files are kept in sync with each other only through manual - intervention. Currently, when a user is added to the lab, the - process must be repeated on all 15 machines.. + intervention. Currently, when a user is added to the lab, + the process must be repeated on all 15 machines.. The configuration of the lab will be as follows: @@ -1295,28 +1301,29 @@ Exports list on foobar: NIS domain name - When a client broadcasts - its requests for info, it includes the name of the NIS - domain that it is part of. This is how multiple servers - on one network can tell which server should answer which - request. Think of the NIS domain name as the name for a - group of hosts. - - Some organizations choose to use their Internet - domain name for their NIS domain name. This is not - recommended as it can cause confusion when trying to debug - network problems. The NIS domain name should be unique - within the network and it is helpful if it describes the - group of machines it represents. For example, the Art - department at Acme Inc. might be in the - acme-art NIS domain. This example - will use the domain name - test-domain. - - However, some non-&os; operating systems require - the NIS domain name to be the same as the Internet domain name. If - one or more machines on the network have this - restriction, the Internet domain name must be used as the + When a client broadcasts its requests for info, it + includes the name of the NIS domain + that it is part of. This is how multiple servers on one + network can tell which server should answer which request. + Think of the NIS domain name as the + name for a group of hosts. + + Some organizations choose to use their Internet domain + name for their NIS domain name. This + is not recommended as it can cause confusion when trying + to debug network problems. The NIS + domain name should be unique within the network and it is + helpful if it describes the group of machines it + represents. For example, the Art department at Acme Inc. + might be in the acme-art + NIS domain. This example will use the + domain name test-domain. + + However, some non-&os; operating systems require the + NIS domain name to be the same as the + Internet domain name. If one or more machines on the + network have this restriction, the Internet domain name + must be used as the NIS domain name. @@ -1324,69 +1331,71 @@ Exports list on foobar: Physical Server Requirements There are several things to keep in mind when choosing - a machine to use as a NIS server. Since - NIS clients depend upon the availability - of the server, choose a machine that is - not rebooted frequently. The NIS server should ideally be a stand - alone machine whose sole purpose is to be an NIS - server. If the network is not heavily used, it is - acceptable to put the NIS server on a machine running - other services. However, if the NIS server becomes - unavailable, it will adversely affect - all NIS clients. - - + a machine to use as a NIS server. + Since NIS clients depend upon the + availability of the server, choose a machine that is not + rebooted frequently. The NIS server + should ideally be a stand alone machine whose sole purpose + is to be an NIS server. If the network + is not heavily used, it is acceptable to put the + NIS server on a machine running other + services. However, if the NIS server + becomes unavailable, it will adversely affect all + NIS clients. + + Configuring the <acronym>NIS</acronym> Servers - The canonical copies of all NIS files are stored - on the master server. The - databases used to store the information are called NIS maps. - In &os;, these maps are stored in + The canonical copies of all NIS + files are stored on the master server. The databases used + to store the information are called NIS + maps. In &os;, these maps are stored in /var/yp/[domain name] where - [domain name] is the name of the NIS - domain. Since multiple - domains are supported, it is possible to have - several directories, one for each domain. - Each domain will have its own independent set of - maps. - - NIS master and slave servers handle all NIS requests - through &man.ypserv.8;. This daemon - is responsible for receiving - incoming requests from NIS clients, translating the + [domain name] is the name of the + NIS domain. Since multiple domains are + supported, it is possible to have several directories, one + for each domain. Each domain will have its own independent + set of maps. + + NIS master and slave servers handle + all NIS requests through &man.ypserv.8;. + This daemon is responsible for receiving incoming requests + from NIS clients, translating the requested domain and map name to a path to the corresponding database file, and transmitting data from the database back to the client. - Setting Up a <acronym>NIS</acronym> Master Server + Setting Up a <acronym>NIS</acronym> Master + Server NIS server configuration - Setting up a master NIS server can be relatively - straight forward, depending on environmental needs. Since &os; - provides built-in NIS support, it only needs - to be enabled by adding the following lines to + Setting up a master NIS server can + be relatively straight forward, depending on environmental + needs. Since &os; provides built-in + NIS support, it only needs to be + enabled by adding the following lines to /etc/rc.conf: nisdomainname="test-domain" - This line sets the NIS domain name to - test-domain. + This line sets the NIS domain + name to test-domain. nis_server_enable="YES" - This automates the start up of the NIS server - processes when the system - boots. + This automates the start up of the + NIS server processes when the + system boots. @@ -1399,56 +1408,61 @@ Exports list on foobar: - Depending on the NIS setup, additional entries may - be required. Refer to - if - the NIS server is also an NIS clients. + Depending on the NIS setup, + additional entries may be required. Refer to if the + NIS server is also an + NIS clients. After saving the edits, type - /etc/netstart to restart the network and - apply the values defined in - /etc/rc.conf. Before - initializing the NIS maps, start + /etc/netstart to restart the network + and apply the values defined in + /etc/rc.conf. Before initializing + the NIS maps, start &man.ypserv.8;: &prompt.root; service ypserv start - Initializing the <acronym>NIS</acronym> Maps + Initializing the <acronym>NIS</acronym> + Maps NIS maps - NIS maps are database files - stored in /var/yp. - They are generated from configuration files in - /etc on the NIS master, - with one exception: - /etc/master.passwd. This is to prevent the - propagation passwords to all the servers in the NIS domain. Therefore, - before the NIS maps are initialized, configure the primary - password files: + NIS maps are database files stored + in /var/yp. They + are generated from configuration files in /etc on the + NIS master, with one exception: + /etc/master.passwd. This is to + prevent the propagation passwords to all the servers in + the NIS domain. Therefore, before the + NIS maps are initialized, configure the + primary password files: &prompt.root; cp /etc/master.passwd /var/yp/master.passwd &prompt.root; cd /var/yp &prompt.root; vi master.passwd It is advisable to remove all entries for system - accounts as well as any user accounts - that do not need to be propagated to the NIS clients, such as - the root accounts. + accounts as well as any user accounts that do not need to + be propagated to the NIS clients, such + as the root accounts. Ensure that the /var/yp/master.passwd is neither - group or world readable by setting its permissions to 600. + group or world readable by setting its permissions to + 600. When this task has been completed, it is time to - initialize the NIS maps. &os; includes the - &man.ypinit.8; script to do this. When generating + initialize the NIS maps. &os; includes + the &man.ypinit.8; script to do this. When generating maps for the master server, include - and specify the NIS domain name: + and specify the NIS + domain name: ellington&prompt.root; ypinit -m test-domain Server Type: MASTER Domain: test-domain @@ -1478,9 +1492,10 @@ ellington has been setup as an YP master created /var/yp/Makefile from /var/yp/Makefile.dist. When created, this file assumes that the operating environment is a - single server NIS system with only &os; machines. Since - test-domain has a slave server as well, - edit /var/yp/Makefile as well: + single server NIS system with only &os; + machines. Since test-domain has a + slave server as well, edit + /var/yp/Makefile as well: ellington&prompt.root; vi /var/yp/Makefile @@ -1492,20 +1507,23 @@ ellington has been setup as an YP master - Setting up a <acronym>NIS</acronym> Slave Server + Setting up a <acronym>NIS</acronym> Slave + Server NIS slave server - Setting up an NIS slave server is even more simple - than setting up the master. Log on to the slave server - and edit the file /etc/rc.conf as you - did before. The only difference is that we now must use - the option when running + Setting up an NIS slave server is + even more simple than setting up the master. Log on to + the slave server and edit the file + /etc/rc.conf as you did before. The + only difference is that we now must use the + option when running ypinit. The option - requires the name of the NIS master be passed to it as - well, so our command line looks like: + requires the name of the NIS master be + passed to it as well, so our command line looks + like: coltrane&prompt.root; ypinit -s ellington test-domain @@ -1564,38 +1582,39 @@ ypxfr: Exiting: Map successfully transfe coltrane has been setup as an YP slave server without any errors. Remember to update map ypservers on ellington. - There should be a directory called - /var/yp/test-domain. Copies of the - NIS master server's maps should be in this directory. - These files must always be up to date. The following - /etc/crontab entries on the slave - servers should do the job: + There should be a directory called + /var/yp/test-domain. Copies of the + NIS master server's maps should be in + this directory. These files must always be up to date. + The following /etc/crontab entries on + the slave servers should do the job: - 20 * * * * root /usr/libexec/ypxfr passwd.byname + 20 * * * * root /usr/libexec/ypxfr passwd.byname 21 * * * * root /usr/libexec/ypxfr passwd.byuid - These two lines force the slave to sync its maps with - the maps on the master server. These entries are not - mandatory because the master server automatically attempts - to push any map changes to its slaves; however, due to - the importance of correct password information on other - clients depending on the slave server, it is recommended - to specifically force the password map updates frequently. - This is especially important on busy networks where map - updates might not always complete. + These two lines force the slave to sync its maps with + the maps on the master server. These entries are not + mandatory because the master server automatically attempts + to push any map changes to its slaves; however, due to + the importance of correct password information on other + clients depending on the slave server, it is recommended + to specifically force the password map updates frequently. + This is especially important on busy networks where map + updates might not always complete. - Now, run the command /etc/netstart - on the slave server as well, which again starts the NIS - server. + Now, run the command /etc/netstart + on the slave server as well, which again starts the NIS + server. Setting Up a <acronym>NIS</acronym> Client - An NIS client establishes what is called a binding to a - particular NIS server using the ypbind - daemon. The ypbind command checks the - system's default domain (as set by the + An NIS client establishes what is + called a binding to a particular NIS + server using the ypbind daemon. The + ypbind command checks the system's + default domain (as set by the domainname command), and begins broadcasting RPC requests on the local network. These requests specify the name of the domain for which @@ -1607,8 +1626,8 @@ Remember to update map ypservers on elli master and several slaves, for example), ypbind will use the address of the first one to respond. From that point on, the client system will - direct all of its NIS requests to that server. - ypbind will occasionally + direct all of its NIS requests to that + server. ypbind will occasionally ping the server to make sure it is still up and running. If it fails to receive a reply to one of its pings within a reasonable amount of time, @@ -1616,18 +1635,20 @@ Remember to update map ypservers on elli and begin broadcasting again in the hopes of locating another server. - - NIS - client configuration - - Setting up a FreeBSD machine to be a NIS client is - fairly straightforward. + NIS + client configuration + + + Setting up a FreeBSD machine to be a + NIS client is fairly + straightforward. Edit /etc/rc.conf and add the - following lines in order to set the NIS domain name and - start ypbind during network + following lines in order to set the + NIS domain name and start + ypbind during network startup: nisdomainname="test-domain" @@ -1636,7 +1657,8 @@ nis_client_enable="YES" To import all possible password entries from the - NIS server, remove all user accounts from the + NIS server, remove all user + accounts from the /etc/master.passwd file and use vipw to add the following line to the end of the file: @@ -1645,8 +1667,9 @@ nis_client_enable="YES" This line will afford anyone with a valid - account in the NIS server's password maps an - account. There are many ways to configure the NIS + account in the NIS server's + password maps an account. There are many ways to + configure the NIS client by changing this line. See the netgroups section below for more information. For @@ -1675,15 +1698,16 @@ nis_client_enable="YES" - To start the NIS client immediately, execute the - following commands as the superuser: + To start the NIS client + immediately, execute the following commands as the + superuser: &prompt.root; /etc/netstart &prompt.root; service ypbind start - After completing these steps, the command, - ypcat passwd, should show the - server's passwd map. + After completing these steps, the command, + ypcat passwd, should show the + server's passwd map. @@ -1691,13 +1715,13 @@ nis_client_enable="YES"<acronym>NIS</acronym> SecurityIn general, any remote user may issue an RPC to - &man.ypserv.8; and retrieve the contents of the NIS maps, - provided the remote user knows the domain name. To prevent - such unauthorized transactions, &man.ypserv.8; supports a - feature called securenets which can be used to - restrict access to a given set of hosts. At startup, - &man.ypserv.8; will attempt to load the securenets information - from a file called + &man.ypserv.8; and retrieve the contents of the + NIS maps, provided the remote user knows + the domain name. To prevent such unauthorized transactions, + &man.ypserv.8; supports a feature called + securenets which can be used to restrict access + to a given set of hosts. At startup, &man.ypserv.8; will + attempt to load the securenets information from a file called /var/yp/securenets. @@ -1742,30 +1766,31 @@ nis_client_enable="YES" firewall. Servers using /var/yp/securenets - may fail to serve legitimate NIS clients with archaic TCP/IP - implementations. Some of these implementations set all host - bits to zero when doing broadcasts and/or fail to observe - the subnet mask when calculating the broadcast address. - While some of these problems can be fixed by changing the - client configuration, other problems may force - the retirement of the client systems in question or the - abandonment of + may fail to serve legitimate NIS clients + with archaic TCP/IP implementations. Some of these + implementations set all host bits to zero when doing + broadcasts and/or fail to observe the subnet mask when + calculating the broadcast address. While some of these + problems can be fixed by changing the client configuration, + other problems may force the retirement of the client + systems in question or the abandonment of /var/yp/securenets. Using /var/yp/securenets on a server with such an archaic implementation of TCP/IP is a - really bad idea and will lead to loss of NIS functionality - for large parts of the network. + really bad idea and will lead to loss of + NIS functionality for large parts of the + network. TCP Wrappers The use of TCP Wrapper - increases the latency of the NIS server. The additional - delay may be long enough to cause timeouts in client - programs, especially in busy networks or with slow NIS - servers. If one or more of the client systems suffers from - these symptoms, convert the client systems in question into - NIS slave servers and force them to bind to - themselves. + increases the latency of the NIS server. + The additional delay may be long enough to cause timeouts in + client programs, especially in busy networks or with slow + NIS servers. If one or more of the client systems suffers + from these symptoms, convert the client systems in question + into NIS slave servers and force them to + bind to themselves. @@ -1774,21 +1799,23 @@ nis_client_enable="YES"In our lab, there is a machine basie that is supposed to be a faculty only workstation. We do not want - to take this machine out of the NIS domain, yet the - passwd file on the master NIS server - contains accounts for both faculty and students. What can we + to take this machine out of the NIS domain, + yet the passwd file on the master + NIS server contains accounts for both + faculty and students. What can we do?There is a way to bar specific users from logging on to a - machine, even if they are present in the NIS database. To do - this, add + machine, even if they are present in the + NIS database. To do this, add -username with the correct number of colons like other entries to the end of the /etc/master.passwd file on the client machine, where username is the username of the user to bar from logging in. The line with the blocked user must be before the + line - for allowing NIS users. This should preferably be done using + for allowing NIS users. This should + preferably be done using vipw, since vipw will sanity check the changes to /etc/master.passwd, as well as @@ -1849,12 +1876,12 @@ basie&prompt.root; each machine separately, thus losing the main benefit of NIS: centralized administration. - The NIS developers' solution for this problem is called - netgroups. Their purpose and semantics - can be compared to the normal groups used by &unix; file - systems. The main differences are the lack of a numeric ID - and the ability to define a netgroup by including both user - accounts and other netgroups. + The NIS developers' solution for this + problem is called netgroups. Their + purpose and semantics can be compared to the normal groups + used by &unix; file systems. The main differences are the + lack of a numeric ID and the ability to define a netgroup by + including both user accounts and other netgroups.Netgroups were developed to handle large, complex networks with hundreds of users and machines. On one hand, this is a @@ -1863,11 +1890,13 @@ basie&prompt.root; with really simple examples. The example used in the remainder of this section demonstrates this problem. - Let us assume that the successful introduction of NIS in - the laboratory caught a superiors' interest. The next task is - to extend the NIS domain to cover some of the other machines - on campus. The two tables contain the names of the new users - and new machines as well as brief descriptions of them. + Let us assume that the successful introduction of + NIS in the laboratory caught a superiors' + interest. The next task is to extend the + NIS domain to cover some of the other + machines on campus. The two tables contain the names of the + new users and new machines as well as brief descriptions of + them. @@ -1973,15 +2002,15 @@ basie&prompt.root; adding a new machine, login restrictions must be defined for all netgroups. If a new user is added, they must be added to one or more netgroups. Those changes are independent of each - other: no more - for each combination of user and machine do... - If the NIS setup is planned carefully, only one central - configuration file needs modification to grant or deny access - to machines. - - The first step is the initialization of the NIS map - netgroup. &os;'s &man.ypinit.8; does not create this map by - default, but its NIS implementation will support it after + other: no more for each combination of user and machine + do... If the NIS setup is + planned carefully, only one central configuration file needs + modification to grant or deny access to machines. + + The first step is the initialization of the + NIS map netgroup. &os;'s &man.ypinit.8; + does not create this map by default, but its + NIS implementation will support it after creation. To create an empty map, simply type ellington&prompt.root; vi /var/yp/netgroup @@ -2015,8 +2044,9 @@ INTERNS (,able,test-domain) (,baker, - The NIS domain for the account. Accounts may be - imported from other NIS domains into a netgroup. + The NIS domain for the account. + Accounts may be imported from other NIS + domains into a netgroup. @@ -2027,18 +2057,19 @@ INTERNS (,able,test-domain) (,baker, netgroups Netgroup names longer than 8 characters should not be used, especially with machines running other operating - systems within the NIS domain. The names are case - sensitive; using capital letters for netgroup names is an - easy way to distinguish between user, machine and netgroup - names. - - Some NIS clients (other than &os;) cannot handle - netgroups with a large number of entries. For example, some - older versions of &sunos; start to cause trouble if a - netgroup contains more than 15 entries. - This limit may be circumvented by creating several - sub-netgroups with 15 users or fewer and a real netgroup - consisting of the sub-netgroups: + systems within the NIS domain. The names + are case sensitive; using capital letters for netgroup names + is an easy way to distinguish between user, machine and + netgroup names. + + Some NIS clients (other than &os;) + cannot handle netgroups with a large number of entries. For + example, some older versions of &sunos; start to cause + trouble if a netgroup contains more than 15 + entries. This limit may be + circumvented by creating several sub-netgroups with 15 users + or fewer and a real netgroup consisting of the + sub-netgroups: BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...] BIGGRP2 (,joe16,domain) (,joe17,domain) [...] @@ -2049,8 +2080,8 @@ BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3 - Activating and distributing the new NIS map is - easy: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***