Secure Unix LAN (NIS and Kerberized NFSv4)

Managing users

by ross at 17:20:00 on March 20, 2014

Adding a user

Log in to the master server and create a local user:

# pw useradd testuser1 -m -s /bin/tcsh

Copy the user's entry to the NIS master.passwd:

# grep '^testuser1:' /etc/master.passwd >> /var/yp/master.passwd

Verify the file; the last line should be:

testuser1:*:1018:1018:standard:0:0:User &:/home/testuser1:/bin/tcsh

If everything is fine, update the NIS maps:

# make -C /var/yp

Now set the password for the user (used to log in to the master server):

# passwd testuser1

You can skip the step above if you don't want the user to log in to the master server.

Then create the Kerberos principal:

# kadmin
kadmin> add testuser1
root/admin@LAN's Password: 
Max ticket life [3 days]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
testuser1@LAN's Password: 
Verifying - testuser1@LAN's Password: 

Now the user can change his password on the master server by running passwd there, and his Kerberos password by running kpasswd anywhere on the LAN.

Deleting a user

Log in to the master server:

# pw userdel testuser1 -r
Warning: the following command deletes the "testuser1" line without a backup
# sed -i '' -e '/^testuser1:/d' /var/yp/master.passwd
# make -C /var/yp
# kadmin
kadmin> del testuser1
root/admin@LAN's Password:
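
Both the copy step and the delete step must touch exactly one account's line: a pattern for testuser1 must not also catch testuser10. The following is an added example, not part of the original post, that wraps both steps in sh functions comparing the login field exactly; the function names are hypothetical, and the file paths are passed as arguments so the functions can be tried on scratch copies first.

```sh
#!/bin/sh
# Added example: exact-match helpers for the NIS copy and delete steps.
# Function names are hypothetical; paths are arguments, not hard-coded.

# Accept only plain login names, so the name cannot carry ':' or
# pattern characters into the comparisons below.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $1" >&2; return 1 ;;
    esac
}

# nis_add_user SRC DST USER: append USER's entry from SRC to DST once.
nis_add_user() {
    src=$1 dst=$2 user=$3
    valid_name "$user" || return 2
    # Compare field 1 as a string: testuser1 never matches testuser10.
    count=$(awk -F: -v u="$user" '$1 == u { n++ } END { print n + 0 }' "$src")
    if [ "$count" -ne 1 ]; then
        echo "expected 1 entry for $user in $src, found $count" >&2
        return 1
    fi
    # Refuse to add a second line for a user already in the NIS file.
    if awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$dst"; then
        echo "$user already present in $dst" >&2
        return 1
    fi
    awk -F: -v u="$user" '$1 == u' "$src" >> "$dst"
}

# nis_del_user DST USER: remove only USER's entry from DST.
nis_del_user() {
    dst=$1 user=$2
    valid_name "$user" || return 2
    # mktemp creates the file with mode 0600, which suits a file that
    # can hold password hashes; writing beside DST keeps mv a rename.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if awk -F: -v u="$user" '$1 != u' "$dst" > "$tmp"; then
        mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

On the master server the calls would be `nis_add_user /etc/master.passwd /var/yp/master.passwd testuser1` and `nis_del_user /var/yp/master.passwd testuser1`, each followed by `make -C /var/yp`.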