NIS

I was looking over an implementation that uses NIS and NFS-shared home directories on a ZFS filesystem from a "file server" box (an all-Solaris environment), so that a user can log on to other boxes, have the same home directory, and share a common login/password file.

One problem, however, is that NIS is considered insecure because, among other reasons, it sends the password hash from the shadow file unencrypted over the network. There are ways to minimize this, and various sources mention (and I'm also looking at) using NIS+, LDAP, or Kerberos as an alternative.

The issue of specifying which users can log into which systems can be managed by a file, /etc/netgroup, on the NIS master that gets mapped out via NIS; these group names can then be used in the /etc/passwd file. For instance, a netgroup admins was created with only certain users belonging to it. On a NIS client system configured so that only users of that group can authenticate via NIS, you would see at the end of /etc/passwd:

    +@admins::::::
    +::::::/bin/false

The "+@" part specifies that it's a netgroup and not just the standard NIS password map (which would just be "+", as on the last line), and the /bin/false on the last line stops any other NIS authentication (instead of /bin/false, they actually had it run a script to say "not authorized"). If you wanted to allow anyone from the NIS password file to be able to log onto a system, you'd just add at the end of the /etc/passwd file:

    +::::::
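As an added example (not part of the original setup or of any Solaris tool), the following Python function reads a client's passwd file and reports which netgroups are admitted and whether the catch-all "+" entry is open or denied. The deny-shell list and the sample file contents are constructed for illustration, and the code assumes entries are matched in file order, so a netgroup line placed after the catch-all is flagged.

```python
# Added example: audit NIS compat-mode ("+") entries in a passwd file.
# Shells treated as "login denied"; this set is an assumption. Pass the
# site's own "not authorized" script path via deny_shells if one is used.
DENY_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin"}


def audit_passwd(text, deny_shells=DENY_SHELLS):
    """Classify the '+' entries of a passwd file, in file order.

    Returns a dict with:
      netgroups - netgroups admitted without a deny shell
      catch_all - 'none', 'denied' (shell overridden) or 'open'
      shadowed  - netgroup entries listed after the catch-all entry
    """
    result = {"netgroups": [], "catch_all": "none", "shadowed": []}
    for raw in text.splitlines():
        fields = raw.strip().split(":")
        name = fields[0]
        # Field 7 (index 6) is the shell override; empty means "use NIS value".
        shell = fields[6] if len(fields) > 6 else ""
        if name.startswith("+@"):
            group = name[2:]
            if result["catch_all"] != "none":
                # Assumed first-match ordering: the earlier "+" already matched.
                result["shadowed"].append(group)
            elif shell not in deny_shells:
                result["netgroups"].append(group)
        elif name == "+" and result["catch_all"] == "none":
            result["catch_all"] = "denied" if shell in deny_shells else "open"
    return result


# Constructed sample files (not taken from a real system).
RESTRICTED = "root:x:0:0:Super-User:/:/sbin/sh\n+@admins::::::\n+::::::/bin/false\n"
OPEN = "root:x:0:0:Super-User:/:/sbin/sh\n+::::::\n"
MISORDERED = "root:x:0:0:Super-User:/:/sbin/sh\n+::::::/bin/false\n+@admins::::::\n"

if __name__ == "__main__":
    for label, sample in (("restricted", RESTRICTED), ("open", OPEN),
                          ("misordered", MISORDERED)):
        print(label, audit_passwd(sample))
```

A result of catch_all "open" on a host that should only admit one netgroup, or any entry under "shadowed", is the condition worth alerting on.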

To share a common NIS mapping of /etc/group, the end of /etc/group on the client would be the line:

    +:::

The automounter is used to mount the home directories from the NIS master server (which is also the file server). Its /etc/auto_home file, which gets mapped out via a NIS map, has the line:

    *      :/zp01/home/&

where " is the name of the NFS/NIS master, and the home directories are made as individual ZFS filesystems with "sharenfs=true" set. This gets picked up and used on the clients in their /etc/auto_home with the line:

    +auto_home

which says to use the NIS map "auto_home" described above.