NIS+ w/ level 2 authentication for linux
----------------------------------------

I maintain three Sun workstations that share information using NIS+ with level
2 authentication.  In order to allow the Linux boxes we had to share password
files & such, I upgraded nys a bit, along with recompiling and upgrading a few
other utilities.  This package is the result.
The main thing I changed in nys was to add support for the publickey entry in
/etc/nsswitch.conf (i.e. from files or NIS+, not just NIS).  I also fixed a
few little bugs, and probably added some of my own.  Since I have no idea what
I'm doing, my solutions for these problems may be totally wrong, but they
appear to work adequately for my purposes (i.e. allowing my Sun users to log
into Linux machines).

The following packages were used for original sources (from sunsite.unc.edu
/pub/Linux/... if not specified)

GCC/libc-4.6.27.tar.gz			libc source (with nys support)
GCC/inc-4.6.27.tar.gz			libc includes
ftp.lysator.liu.se:/pub/NYS/libs/nys-0.27.4.tar.gz
					nys (to be extracted under libc-linux)
ftp.x.org:/pub/R6untarred/xc/programs/xdm.tar.gz
					xdm
X11/xutils/xdm.taz			older (R5?) version of xdm
system/Admin/login/poeigl-1.29.tar.gz	login
apps/math/calc2.9.3t8.tgz		large number math library
ftp.cdrom.com:/pub/FreeBSD/FreeBSD-current/src/secure/lib/secure_rpc.tar.gz
					keyserv, etc.
system/Misc/mount/amd920824upl67.tar.gz	automount daemon

The nys distribution is meant to be untarred from within the libc-linux
directory (read README.nys in libc-linux for more info).

The items not available on sunsite may have been uploaded there by the time
you read this..

The following patches are included (they are all to be applied in the
directory in which the tar file was extracted w/ patch -sEp):

libc.patch	the main patch for NIS+ & file-based public keys
xdm.patch	simple patch to xdm to get rid of rpcsvc library
login.patch	keylogin functionality added to login (poeigl)
amd.patch	Sun auto_home support added & signal handling bug fixed

The file "bin.tar.gz" is to be untarred in /.  WARNING:  look at what's
contained in the archive before extracting it.  You may want to make backups
of appropriate binaries before just blindly extracting..  Also, you will
probably need to add some authorization to unix.linuxhost.domain. on the
server side, or you will not be able to read the passwords.

The following changes will then need to be made to your system:

1) You will also need to add (or was it change?) the line:
   #define HasSecureRPC	YES
   in /usr/lib/X11/config/linux.cf before compiling xdm.

2) You will need to set up nys.  This involves editing /etc/nis.conf and
   /etc/nsswitch.conf.

3) You will need to run ldconfig to register the new libc.

4) You will need to run keyserv.  I added the following lines to
   /etc/rc.d/rc.inet2 after starting the portmapper:
	# Start the SUN SecureRPC keyserver.
	if [ -f ${NET}/keyserv ]
	then
	 echo -n " keyserv"
	 ${NET}/keyserv
	fi

5) If you want the auto_home feature, you need to run amd.  I add this at
   the end of my /etc/rc.d/rc.inet2:
	# Start the BSD 4.4 automount daemon
	# This is just for /home
	if [ -f ${NET}/amd ]
	then
	 echo -n " amd"
	 ${NET}/amd -r -l /dev/null /home auto_home
	fi
  You may also need to mkdir /a, and obviously you'll need to set up the /home
  directory.

Know Bugs:
- sometimes nys will think the server's down & will retry forever
- no support for writing to remote nis+ databases
- no support for many other nis+ databases (netmasks, bootparams, netgroup,
  etc.)
- libc will sometimes need 2 or more compiles 'till it compiles successfully.
- I have no clue what I'm doing...

-----------------------------------------------------------------------------
Thomas J. Moore, ex Amiga Developer| My brain seriously needs an OS upgrade..
inet:  dark@mama.indstate.edu      | Must .... Kill .... Bugs.... AAARRRGGHHH
-----------------------------------------------------------------------------
