First, the situation and reason for my question:
We have a really heterogenous network here with Linux, Solaris, Windows
2000, Mac OS 9 and Mac OS X machines here. So far, we had only Linux
servers and clients were able to access netatalk and samba services. We
hold users in a standard shadow password file on the fileserver with all
accounts. The passwords are only stored in samba's smbpasswd, pam_smb
allows netatalk to authenticate users against this file / our samba server.
No, I get real unix clients into the net. Fine, I have nis and nfs. But for
security, I have set all users' shells to /bin/false on the fileserver, as
they don't need a shell there. On the other hand, they should have a shell
on unix clients. And on one of these clients, I want to make a special
"program" to become the users shell. So while I need to get user
information from the file servers shadow file via nis, I need different
shell-settings on clients and servers for my users.
My first idea is to create a link /bin/netusershell, and make it point to
/bin/false on the fileserver, to /bin/bash on the unix clients and to
/bin/startsession on my "special" client (I want to use a script that
allows tcp/ip-connections from our wireless lan by altering iptables, so
that a user logs in via ssh, gets the "shell" which is a script allowing
tcp/ip-packets from his ip/mac).
Is there a better way? As you see, I'm quite new to nis, as I didn't need
it so far.
Thank You for any help and hints, CU, Lars O.Grobe.
Rechnerpool - www.rechnerpool.com
students' computer lab at the dept. of architecture,
University of Technology Darmstadt, Germany