Date: Sat, 20 Jul 1996 14:45:32 -0400 (EDT) From: Bill Paul <wpaul@skynet.ctr.columbia.edu> To: dev@fgate.flevel.co.uk (Developer) Cc: current@freebsd.org Subject: Re: Help on setting up yp/nis Message-ID: <199607201845.OAA20691@skynet.ctr.columbia.edu> In-Reply-To: <Pine.BSI.3.93.960720172910.6477A-100000@fgate.flevel.co.uk> from "Developer" at Jul 20, 96 05:32:05 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Of all the gin joints in all the towns in all the world, Developer had to walk into mine and say: > On Thu, 18 Jul 1996, Bill Paul wrote: > > > For the umpity-umpth time: read the passwd(5) man page. (That's passwd(5), > > not passwd(1); 'man 5 passwd'.) It explains quite clearly how to set up a > > client to use the NIS passwd maps (and how not to do it). > > > > If, after reading this man page, you still have specific questions, > > come back and ask them and I'll try to help. > > Thanks for the information, I didn't know there was a mention in the > passwd man page - Ive just about got things sorted now after spending ages > altering user id's so they don't clash *sigh* > > A couple of quick question.. what is the recommended way of handling users > email? Does the NIS server always update the password database > (/etc/passwd) as well as the yp version or can those be seperate? I'm not sure I understand what you mean. You seem to be asking two different questions here. If you have a multi-machine environment with a shared user database (i.e. NIS), it's usually best to set up one machine as the mail server and use MX records to forward mail sent to other machines in your network to the mail server rather than letting them handle mail themselves. One my network, I have a single machine designated as the mail host (you could do more to spread out the load, if your network is very large) and all the 'client' machines mount its /var/spool/mail directory via NFS (and the automounter). Each 'client' is also set up as a sendmail 'null client': if you send mail from one of them, it gets forwarded first to the mail host, and then the mail host forwards it to its final destination. The mail host also strips out the hostname of the 'client' machine from the header so that all outgoing mail appears to come from 'user@ctr.columbia.edu' rather than 'user@host.ctr.columbia.edu'. This means that all replies will automatically be sent back to the mail host rather than the 'clients.' Each 'client' also has an MX record that points to the mail host, so any mail sent to 'user@host.ctr.columbia.edu' is re-routed to 'user@mailhost.ctr.columbia.edu'. The mail host is the only machine on the network that runs sendmail in daemon mode, thus only it can accept inbound mail anyway. (The other machines do run sendmail in the background, but only with the -q30m flag. This allows them to flush their queue directories every so often, just in case.) To read mail, all a user has to do is log into any 'client' host and run their favorite mailer. As for your second question, the NIS password database and the local database (/etc/master.passwd) are seperate. By adding the +::::::::: entry to the end of /etc/master.passwd, you tell the system to augment the local password database with the information in the NIS maps. You are allowed to have users that exist in the local database only, but obviously these users will only be able to log into the one machine where their password database entries exist. They will also be unable to receive any mail except on the machine where their local entry exists. (For example, if your NIS master server and mailhost is called 'mailhost' and you define a user 'foo' on a machine called 'mailclient' and 'mailclient' has an MX record that sends all its mail to 'mailhost,' mailhost will not know that user 'foo' exists and reject all mail for user 'foo' with a "user unknown" error.) It's probably a good idea to have locally defined users appear before the +::::::::: entry; this will cause the local entry to take precedence over an entry in the NIS maps that happens to have the same username. (You want to avoid having both local and NIS users with the same username, however.) -Bill -- ============================================================================= -Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ============================================================================= "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you." =============================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607201845.OAA20691>