From owner-freebsd-questions@FreeBSD.ORG Thu Jan 27 20:09:08 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE29F16A4CE for ; Thu, 27 Jan 2005 20:09:08 +0000 (GMT) Received: from top.daemonsecurity.com (FW-182-254.go.retevision.es [62.174.254.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 552A143D2F for ; Thu, 27 Jan 2005 20:09:08 +0000 (GMT) (envelope-from norgaard@locolomo.org) Received: from [192.168.0.32] (charm.daemonsecurity.com [192.168.0.32]) by top.daemonsecurity.com (Postfix) with ESMTP id 0A9BAFD068; Thu, 27 Jan 2005 21:09:07 +0100 (CET) Message-ID: <41F94A5E.6020502@locolomo.org> Date: Thu, 27 Jan 2005 21:09:02 +0100 From: Erik Norgaard User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050127 X-Accept-Language: en, en-us, da, it, es MIME-Version: 1.0 To: Jason Lieurance References: <3388.192.168.1.150.1106853833.squirrel@vipersystems.biz> In-Reply-To: <3388.192.168.1.150.1106853833.squirrel@vipersystems.biz> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org Subject: Re: Syncing 3 Freebsd servers' accounts Question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 20:09:09 -0000 Jason Lieurance wrote: > I have 3 freebsd servers(4.7,4.9,5.3) and would like to have 1 set of user/group > accounts instead of 3. I don't know very much about NIS or LDAP which come up when I > researched the topic. So what is the easiest, cheapest(free), and best way to > accomplish this??? Just to counter other post - this seems to be partly a matter of taste and what you know :-) - every book I have read, and every advice I have gotten: Don't use NIS unless you absolutely have to - and this goes in particular for NIS+. That said (somewhat religous, sorry :-) LDAP is a good choice for many other reasons, the main one that the use can be extented beyond what you are currently trying to do. - LDAP namespace coincides with SSL certificates - LDAP scales well - LDAP is extensible - LDAP is an open protocol rfc3377 - LDAP can easily be filtered by your firewall - LDAP integrates well(?) with windows (or better than NIS) - LDAP is more hype ... While you might not need these things for your home network, they may just be what gets you a job some day. Whereas - NIS is proprietary protocol developed by Sun - NIS is an rpc-service, imposible or at best difficult to filter - NIS is being replaced by LDAP everywhere rfc2307 ... OK, I admit, I have followed the advice I have gotten, and never sat down and really tried to do something with NIS. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2