Date: Sat, 20 May 2006 10:10:11 -0700 From: Steve Kargl <sgk@troutmask.apl.washington.edu> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-questions@freebsd.org Subject: Re: Setting up NIS questions? Message-ID: <20060520171011.GB54239@troutmask.apl.washington.edu> In-Reply-To: <446F44D1.6040104@mac.com> References: <20060519224819.GA48412@troutmask.apl.washington.edu> <6.0.0.22.2.20060519175424.02689218@mail.computinginnovations.com> <20060520160842.GA53996@troutmask.apl.washington.edu> <446F44D1.6040104@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> >I can't even get NIS set up with ypinit. It unconditionally
> >uses /bin/hostname, which will grab the FQDN of the system.
> >You have given me an idea. I can change rc.conf to set hostname
> >to the name I've given 192.168.0.10, put that on bge0, put
> >the IP address associated with the FQDN on bge1, and reboot.
> >This might permit NIS to come up. Though this seems like a hack,
> >because when someone connects to the seem via the FQDN,
> >/bin/hostname will give the wrong answer.
>
> Associating the ypdomain with the FQDN from the DNS is convenient, and a
> convention that many follow, but it is not required, by any means. The
> O'Reilly "Managing NIS and NFS" book is a fine reference on this sort of
> thing, BTW, and is probably available online in PDF form if you look.
Thanks for the pointer. I'll go looking for this book.
> Nevertheless, YP/NIS predates many of the more convoluted network
> designs that people set up nowadays, and was intended for machines which
> have a single identity even if they have multiple NICs-- Sun used to
> assign the same MAC address to all NICs on one machine, to ensure that
> people respected collision domains.
I don't see how this is convoluted. In fact, I would be inclined
to claim that it is the defacto method for setting up an internal
computational cluster
s <---> node1
internet <-F-> FQDN|master <---> w <---> node2
t <---> node3
where swt = switch.
> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obvious a
> firewall machine running zero or the minimal necessary services is
> a lot more secure....
Note that <-F-> actually has at least one firewall. Only people in
the apl.washington.edu domain can get to FQDN. I was hoping to
use NIS to simplify the propagation of info (eg., passwd, hosts,
etc.) from master to the nodes. Propagating the info by hand
isn't too bad because I only have five nodes represently. However,
I hope to grow an additional 11 nodes.
--
Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060520171011.GB54239>