Summ: proxy database like OpenVMS's.

From: HBW <blakew_at_fullerbrush.com>
Date: Thu, 10 Jun 1999 15:11:11 +0000

I was really disappointed with this one. It sounds like in UNIX you cannot map
user names on one system to different user names on another. There are a few
site-specific reasons that I have to do this. One of the major ones is the
several different operating systems that we run here that do not use the same
rules for user names, nor passwords.

I'm not sure what I am going to do for our rsh needs. For our file sharing needs
I might see if I can get some of the SAMBA tools to do the job, but this doesn't
sound very promising.

Thank you all for your time.

Below is the original post followed by the two replies I got.

HBW wrote:

> Hello Tru64 managers -
>
> I hope this is an easy one, but I'm not seeing it in the unix
> documentation.
>
> We have several multi user machines in our network. Because of several
> off the shelf applications the user / group id's don't match up.
>
> If a unix user needs to nfs mount onto our OpenVMS box I can map the
> unix user's id to an OpenVMS user id. For example on system unix_box I
> have user howard with uid of 300 group id of 300. On system VMS_box
> that user is howe with uid of 53 and group id of 475.
>
> In OpenVMS I would do something like ...
>
> $ ucx add proxy howe /gid=300 /uid=300 /host=unix_box
> /remote_user=howard /nfs=incoming
>
> this would allow the user with a group id of 300 and user id of 300 on
> unix_box to have access to everything that user howe has on VMS_box.
> This syntax might be wrong but you get the idea.
>
> How do I do this going from a unix node to another unix node?
>
> Thank you for your time.
>
> --
>
> H. Blakely Williford | Men never do evil so completely & cheerfully
> Systems Programer/Administrator | as when they do it with religious conviction.
> The Fuller Brush Company | - Blaise Pascal

Subject: Re: proxy database like OpenVMS's.
   Date: Tue, 08 Jun 99 11:17:47 -0600
   From: alan_at_nabeth.cxo.dec.com
     To: HBW <blakew_at_fullerbrush.com>




        I don't think there is a way to do this for the UNIX systems. The
        expectation on those is that you use something to create a common
        password file that all the systems use; NIS for example.

--------------

Subject: Re: proxy database like OpenVMS's.
   Date: Tue, 8 Jun 1999 19:24:26 +0200 (MET DST)
   From: Lucio Chiappetti <lucio_at_ifctr.mi.cnr.it>
     To: HBW <blakew_at_fullerbrush.com>




On Tue, 8 Jun 1999, HBW wrote:

> If a unix user needs to nfs mount onto our OpenVMS box I can map the
> unix user's id to an OpenVMS user id. For example on system unix_box I

> $ ucx add proxy howe /gid=300 /uid=300 /host=unix_box
> /remote_user=howard /nfs=incoming

I used UCX proxies back at the time we had a VAX, so I'm familiar with the
concept, but I thought it was quite a hassle to have to set up a proxy for
each new account (we regularly had accounts for the same person on VMS and
Unix ... but we had to set up a proxy for each ... irrespective of uid/gid).

> How do I do this going from a unix node to another unix node?

I'm not aware of any straight method controlled by the administrator.
Actually we could not resist one day after we got our second Unix w/s (back in
1990) without NIS. This way all our Unix users have ONE account on all Unix
machines, and we do not have to update many passwd files.

The only thing we have to take care of is that no uid in use for a NIS account
is used for private accounts (we have a few restricted to a single machine),
and also that no private accounts have the same username as a NIS username ...
... and also to take protections wrt outside occasional intruders.

We noticed in fact that if at someplace there is a user e.g. lucio, he could
rlogin on our systems without password, just because an username lucio existed
on our systems. Of course we did not like that, and we banned it, by
appropriate use of the hosts.equiv and .rhosts files.

But I suppose that some judicious editing of the same files can allow you to
declare "equivalent" users with the same username on different machines of
your domain, and still ban access to outside users with the same name.

See man pages for hosts.equiv, .rhosts or rlogin. It's in there somewhere.

--
H. Blakely Williford            | Men never do evil so completely & cheerfully
Systems Programer/Administrator | as when they do it with religious conviction.
The Fuller Brush Company        |                               - Blaise Pascal
Received on Thu Jun 10 1999 - 15:14:50 NZST
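
The hosts.equiv and .rhosts rules that the last reply points to, as an added example that is not part of the original thread: a small Python audit that classifies each entry by what it trusts. The file contents are constructed samples reusing the thread's names (unix_box, howard, howe); netgroup entries (`+@group`) are not interpreted, and `#` comment lines are an assumed convention.

```python
# Added example: classify rlogin/rsh trust-file entries (ruserok-style rules).
# HOSTS_EQUIV and RHOSTS are constructed samples, not files from the thread.

HOSTS_EQUIV = "unix_box\n+\nunix_box howard\n-badhost\n"
RHOSTS = "unix_box howard\n+ +\n"   # imagined ~howe/.rhosts on the target box


def audit_trust(text, kind, owner=None):
    """Return (lineno, level, note) per entry.

    kind  -- "hosts.equiv" or "rhosts"
    owner -- local account owning the .rhosts file (used for rhosts only)
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # assumed comment syntax
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-") or (user and user.startswith("-")):
            level, note = "deny", "explicit deny entry"
        elif host == "+" or user == "+":
            # Wildcards: the case the reply describes as an outside 'lucio'
            # getting in without a password.
            who = "any user" if user == "+" else (user or "same-named user")
            where = "any host" if host == "+" else host
            level, note = "high", f"{who} from {where} is trusted without a password"
        elif user and kind == "hosts.equiv":
            # A user field in hosts.equiv is not a per-account mapping.
            level, note = "high", f"{user}@{host} may log in as any local non-root account"
        elif user:
            # In a .rhosts file the user field maps a remote name to the owner.
            level, note = "map", f"{user}@{host} may log in as {owner}"
        else:
            level, note = "ok", f"same-named user on {host} is trusted"
        findings.append((lineno, level, note))
    return findings


if __name__ == "__main__":
    for name, text, owner in (("hosts.equiv", HOSTS_EQUIV, None),
                              ("rhosts", RHOSTS, "howe")):
        for finding in audit_trust(text, name, owner):
            print(name, *finding)
```

The `map` finding covers rsh/rlogin only; it does nothing for NFS uid/gid mismatches.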
