User account data is managed using NIS/YP: home-directory and shell are found here; authentication is via LDAP --- password entries in NIS/YP are placeholders only. Quotas are implemented --- each user has a quota for their home directory, mail directory and scratch-space. User accounts are administered by using Admin-Objects.
User account data is managed using NIS/YP --- data files:
/var/yp/ypfiles/passwd
/var/yp/ypfiles/auto_home
/var/yp/ypfiles/security/passwd.adjunct
Userid, groupid, home-directory and shell are all determined from NIS/YP; authentication is via LDAP --- entries in passwd.adjunct are place-holders only (though in principle entries could be used as fall-back passwords should the LDAP service fail).
The corresponding entries in /etc/nsswitch.conf are:
passwd: files nis ldap
# passwd: files nis [TRYAGAIN=5]
group: files nis
automount: files nis
All other names are serviced via flat files (/etc/) except hosts (via files and DNS).
Authentication is via the LDAP/eUMIST system --- see this for details of the LDAP implementation and configuration on Cosmos.
Note that the nscd daemon is not running on Cosmos --- it was removed for simplicity when implementing LDAP/eUMIST. Should robustness or speed necessitate its restoration this should not cause a problem.
The entries in /var/yp/ypfiles/security/passwd are used as place-holders only at present but could be used as a fallback authentication service (this has been tested and confirmed to work on Eric).
For eUMIST/LDAP authentication for a given account to succeed via the PAM libraries on Cosmos the corresponding Netware account must have certain attributes --- see the NDS bit in here. These are added to an account by a script soon after said account is given a Cosmos entry in the URS.
Users should use the appropriate eUMIST Web page to change their password.
The passwd and yppasswd utilities on Cosmos do not understand the passwd: entry in /etc/nsswitch.conf and refuse to act. A workaround is to temporarily delete the ldap part of the entry in nsswitch.conf, change the password and then restore the entry, but this is not recommended, as users will not be able to authenticate with eUMIST usernames/passwords during this time!
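A check to run after the workaround above, confirming that the ldap part of the passwd: entry has been restored. This is an added example, not part of the original page; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm ldap is still a source for passwd: after the workaround.
# Function names and sample files are constructed for illustration.

# Print the sources for database $1 in nsswitch-style file $2, with comments
# and [STATUS=action] criteria such as [TRYAGAIN=5] stripped.
nss_sources() {
    want="$1:"
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' -e 's/:/: /' "$2" |
    while read -r db rest; do
        if [ "$db" = "$want" ]; then
            set -f; set -- $rest; echo "$*"   # collapse whitespace, no globbing
            break
        fi
    done
}

# Return 0 if source $2 is listed for database $1 in file $3.
nss_has_source() {
    for s in $(nss_sources "$1" "$3"); do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# Report whether the ldap part of the passwd: entry is present in file $1.
check_passwd_ldap() {
    if nss_has_source passwd ldap "$1"; then
        echo "OK: $1 passwd sources: $(nss_sources passwd "$1")"
    else
        echo "WARNING: $1 has no ldap source for passwd: ($(nss_sources passwd "$1"))"
        return 1
    fi
}

# Constructed samples: the entries as shown on this page, and the state left
# behind if the restore step of the workaround is forgotten.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'passwd: files nis ldap' '# passwd: files nis [TRYAGAIN=5]' \
    'group: files nis' 'automount: files nis' > "$SAMPLE_DIR/restored.conf"
printf '%s\n' '# passwd: files nis ldap' 'passwd: files nis [TRYAGAIN=5]' \
    'group: files nis' 'automount: files nis' > "$SAMPLE_DIR/forgotten.conf"

for f in "$SAMPLE_DIR"/*.conf; do
    check_passwd_ldap "$f" || true
done
```

On the live system the same check is check_passwd_ldap /etc/nsswitch.conf; a non-zero exit status means the entry still needs restoring.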
Quotas are in use on Cosmos. Each user has a quota for their home-directory, mail-directory and scratch-space, for example:
quota -v mpciish2
Disk quotas for mpciish2 (uid 17315):
Filesystem     usage    quota    limit  timeleft  files  quota  limit  timeleft
/var/mail         12    20000    22000                1    100    110
/scratch           0  1000000  2000000                0  10000  30000
/export/u06  2701914  3134000  3447400
Data is held in the files
/usr/sbin/edquota
Quotas can be changed via /usr/sbin/edquota (or by using Admin-Objects). See the man page for details.
The steps in creating a new user are as follows:
cd /var/yp
/usr/ccs/bin/make
User-related administrative tasks, including creating new accounts and changing quotas, can be simplified by using Admin Objects.