Hello,
I had several replies to my message on maintaining users is NIS compatibility
mode, all of which had something useful to say.
Recommende were writing my own scripts to add users, as well as adding the
+username style entry to the /etc/passwd file and then running pwconv to produce
the appropriate shadow file entry. Of all the ideas, though, the one we'll
probably go ahead with is the idea of setting up a netgroup ie "OKusers" and
creating the +@OKusers entry in the passwd file. This way only the NIS netgroups
files have to be altered later when users change etc.
Thanks to all those who responded:
Casper Dik <casper@holland.Sun.COM>
noelf@ttmc.com (Noel Fardy)
Kamal Kantawala <kamal@mcc.com>
Ian MacPhedran <Ian_MacPhedran@mackenzie.usask.ca>
David Poulet
----------------------------------------------------------------------------
| David Poulet - Systems Programmer | E-mail: D.G.Poulet@durham.ac.uk |
| Durham University, UK. | Phone: 0191-374-4718 |
----------------------------------------------------------------------------
My original message:
I have a question about managing users on Solaris 2.5 when using NIS compat
mode.
We're running a Solaris 2.5 box as part of a large network serviced by NIS for
various services. We'd like to make this box available only to a subset of all
those users in the main NIS passwd map.
In order to do this we set the /etc/nsswitch.conf file to read "compat" for
passwd and group. Then entries can be made in the following format in
the /etc/passwd file:
+username::::::/bin/csh
My question is - what is the easiest way of adding users in this way? It works
OK if you alter the passwd + shadow files manually, but there doesnt seem to
be any simple way of adding this type of user entry with say admintool or
useradd. For instance, if you try to run useradd with a username of the format
"+username", it creates the entries OK, but the passwd is locked and has to be
altered manually, rather than creating a shadow file entry which is null to
use the NIS map entry.
Does anyone have any good ideas about how to implement this - or a better way
entirely?
Thanks
David Poulet
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:48 CDT