svn commit: r42975 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Wed Oct 16 18:17:34 UTC 2013
Author: dru
Date: Wed Oct 16 18:17:33 2013
New Revision: 42975
URL: http://svnweb.freebsd.org/changeset/doc/42975
Log:
White space fix only. Translators can ignore.
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 16:57:38 2013 (r42974)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 18:17:33 2013 (r42975)
@@ -1074,7 +1074,7 @@ Exports list on foobar:
configuration data and to add, remove, or modify configuration
data from a single location.</para>
- <para>&os; uses version 2 of the <acronym>NIS</acronym>
+ <para>&os; uses version 2 of the <acronym>NIS</acronym>
protocol.</para>
<sect2>
@@ -1459,17 +1459,19 @@ nis_client_flags="-S <replaceable>NIS do
<para>It is advisable to remove all entries for system
accounts as well as any user accounts that do not need to
be propagated to the <acronym>NIS</acronym> clients, such
- as the <username>root</username> and any other administrative accounts.</para>
+ as the <username>root</username> and any other
+ administrative accounts.</para>
<note><para>Ensure that the
<filename>/var/yp/master.passwd</filename> is neither
group or world readable by setting its permissions to
- <literal>600</literal>.</para></note>
+ <literal>600</literal>.</para>
+ </note>
- <para>After completing this task,
- initialize the <acronym>NIS</acronym> maps. &os; includes
- the &man.ypinit.8; script to do this. When generating
- maps for the master server, include
+ <para>After completing this task, initialize the
+ <acronym>NIS</acronym> maps. &os; includes the
+ &man.ypinit.8; script to do this. When generating maps
+ for the master server, include
<option>-m</option> and specify the <acronym>NIS</acronym>
domain name:</para>
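Review bot: In the unchanged note on /var/yp/master.passwd, "neither group or world readable" should read "neither group nor world readable". Because this commit is logged as whitespace-only, the wording fix belongs in a separate content commit so translators pick it up.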
@@ -1509,27 +1511,27 @@ ellington has been setup as an YP master
<programlisting>NOPUSH = "True"</programlisting>
</sect3>
-
+
<sect3>
- <title>Adding New Users</title>
+ <title>Adding New Users</title>
- <para>Every time a new user is created, the user account must
- be added to the master <acronym>NIS</acronym> server and
- the <acronym>NIS</acronym> maps rebuilt. Until this occurs,
- the new user will not be able to
- login anywhere except on the <acronym>NIS</acronym>
- master. For example, to add the new user
- <username>jsmith</username> to the
- <literal>test-domain</literal> domain, run these commands on the
- master server:</para>
+ <para>Every time a new user is created, the user account
+ must be added to the master <acronym>NIS</acronym>
+ server and the <acronym>NIS</acronym> maps rebuilt.
+ Until this occurs, the new user will not be able to
+ login anywhere except on the <acronym>NIS</acronym>
+ master. For example, to add the new user
+ <username>jsmith</username> to the
+ <literal>test-domain</literal> domain, run these
+ commands on the master server:</para>
- <screen>&prompt.root; <userinput>pw useradd jsmith</userinput>
+ <screen>&prompt.root; <userinput>pw useradd jsmith</userinput>
&prompt.root; <userinput>cd /var/yp</userinput>
&prompt.root; <userinput>make test-domain</userinput></screen>
- <para>The user could also be added using
- <command>adduser jsmith</command>
- instead of <command>pw useradd jsmith</command>.</para>
+ <para>The user could also be added using <command>adduser
+ jsmith</command> instead of <command>pw useradd
+ jsmith</command>.</para>
</sect3>
</sect2>
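Review bot: The rewrapped final paragraph breaks both commands across source lines inside their elements (<command>adduser / jsmith</command> and <command>pw useradd / jsmith</command>), so a search of the source for the full command no longer matches and the literal now contains a newline plus indentation. Wrap before the opening <command> tag instead, keeping each command on a single line.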
@@ -1693,16 +1695,16 @@ nis_client_enable="YES"</programlisting>
<programlisting>+:::::::::</programlisting>
- <para>This line configures the client to provide
- anyone with a valid account in the
- <acronym>NIS</acronym> server's password maps an
- account on the client. There are many ways to
- configure the <acronym>NIS</acronym> client by
- modifying this line. One method is described in
- <xref linkend="network-netgroups"/>. For
- more detailed reading, refer to the book
- <literal>Managing NFS and NIS</literal>, published
- by O'Reilly Media.</para>
+ <para>This line configures the client to provide
+ anyone with a valid account in the
+ <acronym>NIS</acronym> server's password maps an
+ account on the client. There are many ways to
+ configure the <acronym>NIS</acronym> client by
+ modifying this line. One method is described in
+ <xref linkend="network-netgroups"/>. For
+ more detailed reading, refer to the book
+ <literal>Managing NFS and NIS</literal>, published
+ by O'Reilly Media.</para>
</step>
<step>
@@ -1856,20 +1858,20 @@ basie&prompt.root;</screen>
<indexterm><primary>netgroups</primary></indexterm>
- <para>Barring specified users from logging on to individual systems
- becomes unscaleable on
- larger networks and quickly loses the main benefit of <acronym>NIS</acronym>:
+ <para>Barring specified users from logging on to individual
+ systems becomes unscaleable on larger networks and quickly
+ loses the main benefit of <acronym>NIS</acronym>:
<emphasis>centralized</emphasis> administration.</para>
<para>Netgroups were developed to handle large, complex networks
with hundreds of users and machines. Their use is comparable
- to &unix; groups, where the main difference is the
- lack of a numeric ID and the ability to define a netgroup by
- including both user accounts and other netgroups.</para>
+ to &unix; groups, where the main difference is the lack of a
+ numeric ID and the ability to define a netgroup by including
+ both user accounts and other netgroups.</para>
<para>To expand on the example used in this chapter, the
- <acronym>NIS</acronym> domain will be extended to add the users
- and systems shown in Tables 28.2 and 28.3:</para>
+ <acronym>NIS</acronym> domain will be extended to add the
+ users and systems shown in Tables 28.2 and 28.3:</para>
<table frame="none" pgwide="1">
<title>Additional Users</title>
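Review bot: The last added paragraph still hard-codes "Tables 28.2 and 28.3", which will go stale as soon as tables or chapters are renumbered. In a follow-up content commit, give the two tables ids and reference them with <xref linkend="..."/>, the way the earlier hunk references network-netgroups. "unscaleable" in the first added paragraph could be corrected to "unscalable" at the same time.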
@@ -1929,8 +1931,8 @@ basie&prompt.root;</screen>
<entry><hostid>war</hostid>,
<hostid>death</hostid>, <hostid>famine</hostid>,
<hostid>pollution</hostid></entry>
- <entry>Only IT
- employees are allowed to log onto these servers.</entry>
+ <entry>Only IT employees are allowed to log onto these
+ servers.</entry>
</row>
<row>
@@ -1938,9 +1940,8 @@ basie&prompt.root;</screen>
<entry><hostid>pride</hostid>, <hostid>greed</hostid>,
<hostid>envy</hostid>, <hostid>wrath</hostid>,
<hostid>lust</hostid>, <hostid>sloth</hostid></entry>
- <entry>All members of the IT
- department are allowed to login onto these
- servers.</entry>
+ <entry>All members of the IT department are allowed to
+ login onto these servers.</entry>
</row>
<row>
@@ -1960,25 +1961,24 @@ basie&prompt.root;</screen>
</tgroup>
</table>
- <para>When using netgroups to configure this scenario,
- each user is
- assigned to one or more netgroups and logins are then
+ <para>When using netgroups to configure this scenario, each user
+ is assigned to one or more netgroups and logins are then
allowed or forbidden for all members of the netgroup. When
adding a new machine, login restrictions must be defined for
- all netgroups. When a new user is added, the account must be added to
- one or more netgroups. If the <acronym>NIS</acronym> setup is
- planned carefully, only one central configuration file needs
- modification to grant or deny access to machines.</para>
+ all netgroups. When a new user is added, the account must be
+ added to one or more netgroups. If the
+ <acronym>NIS</acronym> setup is planned carefully, only one
+ central configuration file needs modification to grant or deny
+ access to machines.</para>
<para>The first step is the initialization of the
- <acronym>NIS</acronym> <literal>netgroup</literal> map. In &os;,
- this map is not created by default. On the
- <acronym>NIS</acronym> master server, use an editor to create
+ <acronym>NIS</acronym> <literal>netgroup</literal> map. In
+ &os;, this map is not created by default. On the
+ <acronym>NIS</acronym> master server, use an editor to create
a map named <filename>/var/yp/netgroup</filename>.</para>
- <para>This example creates
- four netgroups to represent IT employees, IT apprentices,
- employees, and interns:</para>
+ <para>This example creates four netgroups to represent IT
+ employees, IT apprentices, employees, and interns:</para>
<programlisting>IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
@@ -1986,17 +1986,17 @@ USERS (,echo,test-domain) (,foxtro
(,golf,test-domain)
INTERNS (,able,test-domain) (,baker,test-domain)</programlisting>
- <para>Each entry configures a netgroup. The first column in an entry
- is the name of the netgroup. Each set of brackets represents
- either a group of one or more users or the name of another netgroup.
- When specifying a user, the three comma-delimited fields inside each
- group represent:</para>
+ <para>Each entry configures a netgroup. The first column in an
+ entry is the name of the netgroup. Each set of brackets
+ represents either a group of one or more users or the name of
+ another netgroup. When specifying a user, the three
+ comma-delimited fields inside each group represent:</para>
<orderedlist>
<listitem>
- <para>The name of the host(s) where the other fields representing the user are
- valid. If a hostname is not specified, the entry is valid
- on all hosts.</para>
+ <para>The name of the host(s) where the other fields
+ representing the user are valid. If a hostname is not
+ specified, the entry is valid on all hosts.</para>
</listitem>
<listitem>
@@ -2011,31 +2011,29 @@ INTERNS (,able,test-domain) (,baker,
</listitem>
</orderedlist>
- <para>If a group contains multiple users, separate each user with
- whitespace. Additionally, each field may contain wildcards. See
- &man.netgroup.5; for details.</para>
-
- <indexterm><primary>netgroups</primary></indexterm>
- <para>Netgroup names longer than 8 characters should not be
- used. The names
- are case sensitive and using capital letters for netgroup names
- is an easy way to distinguish between user, machine and
- netgroup names.</para>
-
- <para>Some non-&os; <acronym>NIS</acronym> clients
- cannot handle netgroups containing more than 15
- entries. This limit may be
- circumvented by creating several sub-netgroups with 15 users
- or fewer and a real netgroup consisting of the
- sub-netgroups, as seen in this example:</para>
+ <para>If a group contains multiple users, separate each user
+ with whitespace. Additionally, each field may contain
+ wildcards. See &man.netgroup.5; for details.</para>
- <programlisting>BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
+ <indexterm><primary>netgroups</primary></indexterm>
+ <para>Netgroup names longer than 8 characters should not be
+ The names are case sensitive and using capital letters
+ letters for netgroup names is an easy way to distinguish
+ between user, machine and netgroup names.</para>
+
+ <para>Some non-&os; <acronym>NIS</acronym> clients cannot
+ handle netgroups containing more than 15 entries. This
+ limit may be circumvented by creating several sub-netgroups
+ with 15 users or fewer and a real netgroup consisting of the
+ sub-netgroups, as seen in this example:</para>
+
+ <programlisting>BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
BIGGRP2 (,joe16,domain) (,joe17,domain) [...]
BIGGRP3 (,joe31,domain) (,joe32,domain)
BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3</programlisting>
- <para>Repeat this process if more than 225 (15 times 15) users exist
- within a single netgroup.</para>
+ <para>Repeat this process if more than 225 (15 times 15) users
+ exist within a single netgroup.</para>
<para>To activate and distribute the new
<acronym>NIS</acronym> map:</para>
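Review bot: The added netgroup-name paragraph is not a whitespace-only change: it now reads "should not be The names are case sensitive and using capital letters letters for netgroup names", so "used." was dropped after "should not be" and "letters" is doubled across the line wrap. Restore the removed wording ("should not be used. The names are case sensitive and using capital letters for netgroup names") so the 8-character guidance stays readable and the log message's note to translators remains true.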
@@ -2046,9 +2044,9 @@ ellington&prompt.root; <userinput>make</
<para>This will generate the three <acronym>NIS</acronym> maps
<filename>netgroup</filename>,
<filename>netgroup.byhost</filename> and
- <filename>netgroup.byuser</filename>. Use the map key option of &man.ypcat.1; to
- check if the new <acronym>NIS</acronym> maps are
- available:</para>
+ <filename>netgroup.byuser</filename>. Use the map key option
+ of &man.ypcat.1; to check if the new <acronym>NIS</acronym>
+ maps are available:</para>
<screen>ellington&prompt.user; <userinput>ypcat -k netgroup</userinput>
ellington&prompt.user; <userinput>ypcat -k netgroup.byhost</userinput>
@@ -2056,14 +2054,13 @@ ellington&prompt.user; <userinput>ypcat
<para>The output of the first command should resemble the
contents of <filename>/var/yp/netgroup</filename>. The second
- command only produces output if
- host-specific netgroups were created. The third command is used to get
- the list of netgroups for a user.</para>
-
- <para>To configure a client, use &man.vipw.8; to specify the name
- of the netgroup. For example, on the server named
- <hostid>war</hostid>, replace this
- line:</para>
+ command only produces output if host-specific netgroups were
+ created. The third command is used to get the list of
+ netgroups for a user.</para>
+
+ <para>To configure a client, use &man.vipw.8; to specify the
+ name of the netgroup. For example, on the server named
+ <hostid>war</hostid>, replace this line:</para>
<programlisting>+:::::::::</programlisting>
@@ -2073,38 +2070,38 @@ ellington&prompt.user; <userinput>ypcat
<para>This specifies that only the users defined in the netgroup
<literal>IT_EMP</literal> will be imported into this system's
- password database and only those users
- are allowed to login to this system.</para>
+ password database and only those users are allowed to login to
+ this system.</para>
<para>This configuration also applies to the
- <literal>~</literal> function of the shell and all routines which
- convert between user names and numerical user IDs. In
+ <literal>~</literal> function of the shell and all routines
+ which convert between user names and numerical user IDs. In
other words,
<command>cd ~<replaceable>user</replaceable></command> will
not work, <command>ls -l</command> will show the numerical ID
- instead of the username, and
- <command>find . -user joe -print</command> will fail with the message
+ instead of the username, and <command>find . -user joe
+ -print</command> will fail with the message
<errorname>No such user</errorname>. To fix this, import all
- user entries without allowing them to login into the
- servers. This can be achieved by adding an extra line:</para>
-
+ user entries without allowing them to login into the servers.
+ This can be achieved by adding an extra line:</para>
+
<programlisting>+:::::::::/sbin/nologin</programlisting>
- <para>This line configures the client to
- import all entries but to replace the shell in those entries with
+ <para>This line configures the client to import all entries but
+ to replace the shell in those entries with
<filename>/sbin/nologin</filename>.</para>
<!-- Been there, done that, got the scars to prove it - ue -->
- <para>Make sure that extra line
- is placed <emphasis>after</emphasis>
- <literal>+ at IT_EMP:::::::::</literal>. Otherwise, all user
- accounts imported from <acronym>NIS</acronym> will have
- <filename>/sbin/nologin</filename> as their login
- shell and noone will be able to login to the system.</para>
-
- <para>To configure the less important servers,
- replace the old <literal>+:::::::::</literal>
- on the servers with these lines:</para>
+ <para>Make sure that extra line is placed
+ <emphasis>after</emphasis>
+ <literal>+ at IT_EMP:::::::::</literal>. Otherwise, all user
+ accounts imported from <acronym>NIS</acronym> will have
+ <filename>/sbin/nologin</filename> as their login
+ shell and noone will be able to login to the system.</para>
+
+ <para>To configure the less important servers, replace the old
+ <literal>+:::::::::</literal> on the servers with these
+ lines:</para>
<programlisting>+ at IT_EMP:::::::::
+ at IT_APP:::::::::
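Review bot: "noone" in the rewrapped paragraph about placing the extra line after the IT_EMP entry should be "no one"; since this commit is logged as whitespace-only, fix it in a follow-up content commit. In the same hunk the reflow splits <command>find . -user joe / -print</command> across two source lines; keep that command on one line so the literal is not broken by a newline and indentation.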
@@ -2117,18 +2114,18 @@ ellington&prompt.user; <userinput>ypcat
+ at USERS:::::::::
+:::::::::/sbin/nologin</programlisting>
- <para>NIS supports the creation of netgroups from other netgroups which
- can be useful if the policy regarding user access changes. One possibility is
- the creation of role-based netgroups. For example, one might
- create a netgroup called <literal>BIGSRV</literal> to define
- the login restrictions for the important servers, another
- netgroup called <literal>SMALLSRV</literal> for the less
- important servers, and a third netgroup called
- <literal>USERBOX</literal> for the workstations. Each
- of these netgroups contains the netgroups that are allowed to
- login onto these machines. The new entries for the
- <acronym>NIS</acronym> <literal>netgroup</literal> map would look like
- this:</para>
+ <para>NIS supports the creation of netgroups from other
+ netgroups which can be useful if the policy regarding user
+ access changes. One possibility is the creation of role-based
+ netgroups. For example, one might create a netgroup called
+ <literal>BIGSRV</literal> to define the login restrictions for
+ the important servers, another netgroup called
+ <literal>SMALLSRV</literal> for the less important servers,
+ and a third netgroup called <literal>USERBOX</literal> for the
+ workstations. Each of these netgroups contains the netgroups
+ that are allowed to login onto these machines. The new
+ entries for the <acronym>NIS</acronym>
+ <literal>netgroup</literal> map would look like this:</para>
<programlisting>BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
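Review bot: The context line "SMALLSRV IT_EMP IT_APP ITINTERN" references a netgroup named ITINTERN, but the netgroup map shown earlier in this diff defines INTERNS, and the prose there lists only IT employees, IT apprentices, employees, and interns. If ITINTERN is not defined elsewhere in the chapter, a reader copying these entries gets a role netgroup that names an undefined member. Worth checking and aligning the names in a follow-up content commit.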
@@ -2142,9 +2139,9 @@ USERBOX IT_EMP ITINTERN USERS</progra
required.</para>
<para>Machine-specific netgroup definitions are another
- possibility to deal with the policy changes. In
- this scenario, the <filename>/etc/master.passwd</filename> of
- each system contains two lines starting with <quote>+</quote>.
+ possibility to deal with the policy changes. In this
+ scenario, the <filename>/etc/master.passwd</filename> of each
+ system contains two lines starting with <quote>+</quote>.
The first line adds a netgroup with the accounts allowed to
login onto this machine and the second line adds all other
accounts with <filename>/sbin/nologin</filename> as shell. It
@@ -2210,39 +2207,40 @@ TWO (,hotel,test-domain)
<indexterm>
<primary>NIS</primary>
- <secondary>password formats</secondary>
+ <secondary>password formats</secondary>
</indexterm>
<para><acronym>NIS</acronym> requires that all hosts within an
- <acronym>NIS</acronym> domain use the same format for encrypting passwords.
- If users have trouble authenticating on an
- <acronym>NIS</acronym> client, it may be due to a differing password format.
- In a heterogeneous network, the format must be supported by all operating systems, where
- <acronym>DES</acronym>
- is the lowest common standard.</para>
-
- <para>To check which format a server or client is using,
- look at this section of <filename>/etc/login.conf</filename>:</para>
+ <acronym>NIS</acronym> domain use the same format for
+ encrypting passwords. If users have trouble authenticating on
+ an <acronym>NIS</acronym> client, it may be due to a differing
+ password format. In a heterogeneous network, the format must
+ be supported by all operating systems, where
+ <acronym>DES</acronym> is the lowest common standard.</para>
+
+ <para>To check which format a server or client is using, look
+ at this section of
+ <filename>/etc/login.conf</filename>:</para>
<programlisting>default:\
:passwd_format=des:\
:copyright=/etc/COPYRIGHT:\
[Further entries elided]</programlisting>
- <para>In this example, the system is using the <acronym>DES</acronym>
- format. Other possible values are
- <literal>blf</literal> for Blowfish and <literal>md5</literal> for
- MD5 encrypted passwords.</para>
-
- <para>If the format on a host needs to be edited to match the one
- being used in the <acronym>NIS</acronym> domain,
- the login capability
- database must be rebuilt after saving the change:</para>
+ <para>In this example, the system is using the
+ <acronym>DES</acronym> format. Other possible values are
+ <literal>blf</literal> for Blowfish and <literal>md5</literal>
+ for MD5 encrypted passwords.</para>
+
+ <para>If the format on a host needs to be edited to match the
+ one being used in the <acronym>NIS</acronym> domain, the
+ login capability database must be rebuilt after saving the
+ change:</para>
<screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
<note>
- <para>The format of passwords for existing user accounts will not be updated
- until each user changes their password
+ <para>The format of passwords for existing user accounts will
+ not be updated until each user changes their password
<emphasis>after</emphasis> the login capability database is
rebuilt.</para>
</note>
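Review bot: The reflowed paragraphs keep the wording "format for encrypting passwords" and "MD5 encrypted passwords", but passwd_format selects a password hash format, not an encryption scheme. A follow-up content commit could change these to "hashing passwords" and "MD5 hashed passwords"; it does not belong in this whitespace-only change.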
@@ -3073,7 +3071,7 @@ dhcpd_ifaces="dc0"</programlisting>
separate network. If this functionality is required,
then install the
<filename role="package">net/isc-dhcp42-relay</filename>
- port. The port installs &man.dhcrelay.8;, which
+ port. The port installs &man.dhcrelay.8;, which
provides more detail.</para>
</listitem>
</itemizedlist>