Date:      Sat, 11 Dec 2004 01:33:43 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Vulpes Velox <v.velox@vvelox.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: NIS and non-NIS question
Message-ID:  <41BA94C7.7050206@mac.com>
In-Reply-To: <20041210232230.6c27aa92@vixen42.24-119-122-191.cpe.cableone.net>
References:  <20041210232230.6c27aa92@vixen42.24-119-122-191.cpe.cableone.net>

Vulpes Velox wrote:
> I have a box I want to rework to allow it to operate outside a NIS
> environment when outside my LAN and use NIS and NFS when it is not. Any
> suggestions on how to go about this?

Set up a cron job to invoke a shell script which rsync's your YP master's 
password file (and /etc/group, and anything else you might care about) when 
you are on your LAN, and not if you are not, every X minutes.  Have it run 
pwd_mkdb too.  Maybe add a little awk or perl magic spice to add or screen out 
a range of userid's.  Then disable NIS and rely on plain old flatfiles.

If you use rsync-via-ssh (which is now the default behavior), the process 
above will transmit sensitive password data with considerably more security 
than you get when using plain NIS.  On the other hand, if you are running NFS, 
your risk profile against someone who can sniff your local subnet isn't 
significantly altered, so don't worry too much about this, but the issue of 
security is worth considering at least a little.

For NFS, you might give the automounter (see "man amd") a try.  So long as you 
don't descend into a mount point deliberately (or accidentally via recursion 
using find, grep, etc), the machine will not actually attempt to NFS-mount the 
remote filesystem.

For that matter, you might even consider switching models of operation to 
using CIFS/samba instead of NFS.  Oddly enough, even though NFS is a stateless 
remote filesharing system by design, it's pretty easy to wedge a lot of 
important processes if an NFS share becomes not available.  MacOS X seems to 
tolerate CIFS shares going away better than it handles NFS going away, and 
FreeBSD might well be similar.  (I haven't exhaustively tested either problem 
case *deliberately*, mind you...! :-)

-- 
-Chuck
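
The cron-driven sync described in the reply above, sketched as an added example (not code from the original message), narrowed to master.passwd. The UID screen keeps the copied file from ever supplying root or other system accounts, and the merged file is checked with `pwd_mkdb -C` before it is installed. Assumptions: the host name `ypmaster.example.lan`, the UID range, key-based ssh access as a user who can read the master's `/etc/master.passwd`, and a single ping as the "am I on the LAN" test.

```sh
#!/bin/sh
# Added example: host name, UID range and the ping test are assumptions.
YP_MASTER="${YP_MASTER:-ypmaster.example.lan}"   # hypothetical YP master
UID_MIN="${UID_MIN:-1000}"
UID_MAX="${UID_MAX:-59999}"

# Print local entries whose UID is outside [min, max] (system accounts),
# then well-formed remote entries inside the range. A remote entry never
# replaces a local account name, so root and daemons always stay local.
merge_passwd() {      # usage: merge_passwd LOCAL REMOTE MIN MAX
    awk -F: -v lo="$3" -v hi="$4" '
        FNR == NR {                       # first file: local master.passwd
            if (/^#/ || (NF == 10 && ($3+0 < lo+0 || $3+0 > hi+0))) {
                print; seen[$1] = 1
            }
            next
        }
        # second file: copy from the YP master, 10 fields, numeric UID in range
        NF == 10 && $3 ~ /^[0-9]+$/ && $3+0 >= lo+0 && $3+0 <= hi+0 && !($1 in seen)
    ' "$1" "$2"
}

sync_passwd() {
    umask 077                             # temp files contain password hashes
    # FreeBSD ping: -t is an overall timeout in seconds.
    ping -c 1 -t 3 "$YP_MASTER" >/dev/null 2>&1 || return 0   # off the LAN: keep files
    tmp=$(mktemp -d /tmp/ypsync.XXXXXX) || return 1
    trap 'rm -rf "$tmp"' EXIT
    rsync -e ssh "root@$YP_MASTER:/etc/master.passwd" "$tmp/remote" || return 1
    merge_passwd /etc/master.passwd "$tmp/remote" "$UID_MIN" "$UID_MAX" \
        > "$tmp/merged" || return 1
    pwd_mkdb -C "$tmp/merged" || return 1 # refuse a malformed file
    pwd_mkdb -p "$tmp/merged"             # install it and rebuild the databases
}

# Run from root's crontab with the argument "run"; sourcing only defines functions.
if [ "${1:-}" = "run" ]; then sync_passwd; fi
```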


