 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
A common syntax in nsswitch.conf is
networks: nisplus [NOTFOUND=return] files
This says to look up the user in NIS, and if NIS is accessible but
the user isn't found, then fail, and only look at the local
/etc/passwd if NIS is not accessible.
If you reverse this,
networks: files [NOTFOUND=return] nisplus
what happens? If the "NOTFOUND" clause is a general
property and not a special NIS-only attribute, then maybe
this will do what you want.
Of course, this is another one of those stinky-finger suggestions :-)
On Tue, Nov 10, 2009 at 4:50 PM, Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org> wrote:
> One of my systems needs to be restricted to a subset of people, but I
> still want to use NIS. The system has 2 ways it may be accessed:
> 1. SSH - I set up AllowUsers and that works fine.
> 2. Console. Since we have a KVM, someone could log into the KVM and come
> in through the console port. I can physically unplug the console, but I
> was wondering if there was a way to accomplish this through an access list.
> I certainly can turn off NIS for this host and clone the password and
> shadow entries, but I would prefer to allow NIS.
>
> I'm not concerned about hackers outside of our VPN, but the contract for
> the software we are working with specifically excludes anyone in our
> development group. But, our IT people in NY do have a login.
>
> In any case just looking for a suggestion.
>
> --
> Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
> Boston Linux and Unix
> PGP key id: 537C5846
> PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB ?CA3B 4607 4319 537C 5846
>
>
>
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>
>
--
John Abreau / Executive Director, Boston Linux & Unix
AIM abreauj / JABBER jabr-iMZfmuK6BGBxLiRVyXs8+g at public.gmane.org / YAHOO abreauj / SKYPE zusa_it_mgr
Email jabr-mNDKBlG2WHs at public.gmane.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
