From: Michel Talon
To: freebsd-questions@freebsd.org
Date: Sat, 13 Dec 2008 10:08:22 +0100
Subject: Re: Centralized DB of "system" users
Message-ID: <20081213090822.GA97581@lpthe.jussieu.fr>

Lowell Gilbert wrote:

> NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.

I work in a mostly Linux shop managed by NIS. However, my machines are under FreeBSD and I have no problem getting the NIS info. The only gotcha is that under Linux you have 2 files for passwds, /etc/passwd and /etc/shadow, while under FreeBSD you have just one, /etc/master.passwd. So you need to run NIS in compatibility mode on the Linux server, so that passwd and shadow are "concatenated". Securitywise it is the same, since in any case the shadow information flows on the wire, ready to be captured by a scanner.

The main problem with NIS, in my opinion, is that when the NIS server(s) are down (it always occurs once or twice a year here), all the clients are completely frozen immediately, so if you want high availability, better copy the passwd files on each client directly and not use a network server like that. Our previous sysadm had written a couple of replication scripts which worked very well this way. The present one reverted to NIS with this small inconvenience.

Replication requires that you only modify passwd files on the server, like with NIS, and then, as soon as a modification is detected, files are propagated on all clients.
This is extremely easy to achieve, and *much* more efficient, networkwise than using a thing like NIS or LDAP, where each client is constantly polling the server to get information about home directories, tilde expansions, etc.

--
Michel TALON
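The file-replication approach described in the message needs the Linux passwd/shadow pair turned into FreeBSD's single master.passwd and a way to detect that a change must be pushed; the following is an added example, not code from the message or from the replication scripts it mentions. The function names and sample accounts are hypothetical, and it assumes an empty login class, no password aging, and a hash scheme that crypt(3) on both systems understands.

```python
import hashlib

SECONDS_PER_DAY = 86400

# Constructed sample input (not real accounts or hashes).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
svc:x:1002:1002::/nonexistent:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """root:$6$constructed$hashA:14000:0:99999:7:::
alice:$6$constructed$hashB:14000:0:99999:7::14610:
"""

def _records(text, nfields, label):
    """Yield colon-split records, rejecting lines with the wrong field count."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) != nfields:
                raise ValueError(f"malformed {label} entry: {fields[0]!r}")
            yield fields

def merge_to_master_passwd(passwd_text, shadow_text):
    """Return master.passwd text built from Linux passwd and shadow contents."""
    shadow = {f[0]: f for f in _records(shadow_text, 9, "shadow")}
    lines, seen = [], set()
    for name, _pw, uid, gid, gecos, home, shell in _records(passwd_text, 7, "passwd"):
        if name in seen:
            raise ValueError(f"duplicate user: {name!r}")
        if name == "root" and uid != "0":
            raise ValueError("root must have uid 0")
        seen.add(name)
        entry = shadow.get(name)
        # No shadow entry: emit "*" (no valid password) instead of the "x" marker.
        pw_hash = entry[1] if entry else "*"
        # shadow counts expiry in days since the epoch, master.passwd in seconds.
        expire = int(entry[7]) * SECONDS_PER_DAY if entry and entry[7] else 0
        # Login class left empty and password-change time 0 (assumption: no aging).
        lines.append(":".join([name, pw_hash, uid, gid, "", "0", str(expire),
                               gecos, home, shell]))
    # Guard against pushing a truncated file to every client.
    if "root" not in seen:
        raise ValueError("refusing to build a file without root")
    return "\n".join(lines) + "\n"

def digest(text):
    """SHA-256 of the generated file; push to clients only when this changes."""
    return hashlib.sha256(text.encode()).hexdigest()
```

On each FreeBSD client the generated file holds password hashes, so it should be installed readable by root only, over an encrypted channel, and the password databases rebuilt with pwd_mkdb.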