Date: Sat, 13 Dec 2008 10:08:22 +0100
From: Michel Talon <talon@lpthe.jussieu.fr>
To: freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users
Message-ID: <20081213090822.GA97581@lpthe.jussieu.fr>

Lowell Gilbert wrote:

> NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of UNIX (originally SunOS) systems. It has now essentially become an industry standard; all major UNIX-like systems (Solaris, HP-UX, AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc.) support NIS.

I work in a mostly Linux shop managed by NIS. However, my machines are under FreeBSD and I have no problem getting the NIS info. The only gotcha is that under Linux you have 2 files for passwords, /etc/passwd and /etc/shadow, while under FreeBSD you have just one, /etc/master.passwd. So you need to run NIS in compatibility mode on the Linux server, so that passwd and shadow are "concatenated". Securitywise it is the same, since in any case the shadow information flows on the wire, ready to be captured by a scanner.

The main problem with NIS, in my opinion, is that when the NIS server(s) are down (it always occurs once or twice a year here), all the clients are completely frozen immediately, so if you want high availability, better copy the passwd files on each client directly and not use a network server like that. Our previous sysadm had written a couple of replication scripts which worked very well this way. The present one reverted to NIS, with this small inconvenience.

Replication requires that you only modify passwd files on the server, like with NIS, and then, as soon as a modification is detected, files are propagated on all clients. This is extremely easy to achieve, and *much* more efficient, networkwise, than using a thing like NIS or LDAP, where each client is constantly polling the server to get information about home directories, tilde expansions, etc.

--
Michel TALON
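
The server-side half of the replication approach described in the message, as an added example (not part of the original e-mail and not the replication scripts it mentions): it joins Linux passwd and shadow records into FreeBSD master.passwd lines and stages the result only when it has changed. The function names, file paths and sample records are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample records (not real accounts or hashes).
SAMPLE_PASSWD = ("alice:x:1001:1001:Alice Example:/home/alice:/bin/sh\n"
                 "bob:x:1002:1002:Bob Example:/home/bob:/bin/sh\n")
SAMPLE_SHADOW = "alice:$6$salt$CONSTRUCTEDHASH:14226:0:99999:7:::\n"

def merge_to_master(passwd_text, shadow_text):
    """Join Linux passwd(5) and shadow(5) records into master.passwd(5) lines."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            hashes[fields[0]] = fields[1]
    out = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Refuse to build a file that could lock users out on every client.
            raise ValueError("malformed passwd line: %r" % line)
        name, _, uid, gid, gecos, home, shell = fields
        # No shadow record: "*" disables password login instead of leaving it empty.
        pw = hashes.get(name, "*")
        # name:password:uid:gid:class:change:expire:gecos:home:shell
        # class is left empty; change/expire are 0 (shadow ageing is not carried over).
        out.append(":".join([name, pw, uid, gid, "", "0", "0", gecos, home, shell]))
    return "\n".join(out) + "\n"

def stage_if_changed(master_text, out_path, state_path):
    """Write out_path atomically with mode 0600 only if the content changed."""
    new = hashlib.sha256(master_text.encode()).hexdigest()
    try:
        with open(state_path) as fh:
            if fh.read().strip() == new:
                return False          # nothing to propagate
    except FileNotFoundError:
        pass                          # first run
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(out_path) or ".")
    with os.fdopen(fd, "w") as fh:    # mkstemp creates the file 0600: it holds hashes
        fh.write(master_text)
    os.replace(tmp, out_path)
    with open(state_path, "w") as fh:
        fh.write(new + "\n")
    return True
```

When `stage_if_changed` returns True, the staged file is what gets copied to each client over an encrypted channel such as scp and installed there with `pwd_mkdb -p`, so the hashes never cross the wire in clear text.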