[SunHELP] NIS security question...

Tim Longo tlongo at avaya.com
Thu Mar 6 10:52:04 CST 2003


Hi,

I do this by disabling all telnet, rlogin etc on the mail server.  Then
I enable ssh using tcp wrapper.  In the tcp wrapper, I only allow admin
accounts to login.  This prevents anyone else from logging into the mail
server. Sendmail allows clients to connect which in turn mounts home
directories for procmail etc (assuming home directories are mounted from
the network).  Finally, I export /var/mail on the mail server, and allow
it to be automounted on clients, so when users log into client machines,
they can access their spool file without logging into the mail server
itself.


On Thu, 2003-03-06 at 11:00, Matt Goebel wrote:
> Hello,
> 
>   I'm setting up a nis/nfs server, and a couple of clients.  My question
> is how do I configure the server to recognize the users for purposes
> of recieving email, but not allow them to login.  I only want the users
> to be able to log into the clients.  
>   I've been looking at using the compat option in nsswitch.conf for 
> passwd and group.  If I'm reading the docs correctly then I will have 
> to keep entries for each user in the nis files, and the various /etc 
> files, with the /etc/passwd entry for each user having /dev/null for 
> the shell?
>   This is with Solaris 8 on all of the boxes.
> 
> Thanks for any help,
> Matt


More information about the SunHELP mailing list