In a message dated: Wed, 16 Jan 2002 19:48:59 CST
Charles Clancy said:
>I suggest getting a good book on NIS (perhaps NSS and PAM too).
Does one exist? The only one I know of is the O'Reilly NIS/NFS book,
which is good, but very geared towards Sun environments (although
rumor has it that it's recently been updated).
>I also suggest you use ANYTHING but NIS. NIS+ and LDAP are infinitely
>better when it comes to the security aspects of name service.
From a security perspective, I'll grant you that NIS is horrible, but
from a management perspective, NIS+ and LDAP appear to be a lot worse.
That, and AFAIK, there is no NIS+ implementation for Linux.
Besides, why would you *want* to use something which the developers
themselves (Sun) have all but abandoned and don't use?
As far as LDAP? I keep hearing that it's the next best thing, but
there don't seem to be many tools for using it in a large scale
enterprise environment. There are some out there, but it seems that
they're slow in coming. And man is that record format overly verbose
and tedious to deal with!
Nah, even for all its insecurities, I like NIS. It's easy to deal
with and simple to manage. And if you really need the security, then
just use something like rdist or rsync to push around the
passwd/shadow maps. If you're in an all Linux/Unix environment, it's
trivial to create a sysVinit script that pulls down the most recent
files at boot time.
--
Seeya,
Paul
----
God Bless America!
If you're not having fun, you're not doing it right!
...we don't need to be perfect to be the best around,
and we never stop trying to be better.
Tom Clancy, The Bear and The Dragon
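
The boot-time pull of passwd/shadow files mentioned in the message above, sketched as an added example that is not part of the original post. It assumes rsync over ssh as the transport, and the host name, paths and file modes are hypothetical; fetched files are validated and installed atomically so a truncated or tampered copy never replaces the live one.

```sh
#!/bin/sh
# Added example (not from the original post). MAP_SOURCE and ETC are
# hypothetical; rsync-over-ssh and the file modes are assumptions.
MAP_SOURCE=${MAP_SOURCE:-mapmaster.example.com:/var/maps}
ETC=${ETC:-/etc}

# A passwd map is accepted only if it is non-empty, every line has 7
# fields, and the only UID 0 account is root.
validate_passwd() {
    [ -s "$1" ] || return 1
    awk -F: 'NF != 7 { bad = 1 } END { exit bad + 0 }' "$1" || return 1
    [ "$(awk -F: '$3 == 0 { print $1 }' "$1")" = "root" ] || return 1
}

# A shadow map needs 9 fields per line and an entry for root.
validate_shadow() {
    [ -s "$1" ] || return 1
    awk -F: 'NF != 9 { bad = 1 } $1 == "root" { ok = 1 }
             END { exit (bad || !ok) }' "$1"
}

# Copy to a temp file next to the target, set the mode, then rename:
# readers see either the old file or the complete new one.
install_map() {
    src=$1 dest=$2 mode=$3
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cp "$src" "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest" && return 0
    rm -f "$tmp"
    return 1
}

# Fetch into a private staging directory; install only if both files pass.
pull_maps() {
    stage=$(mktemp -d) || return 1
    rsync -a -e ssh "$MAP_SOURCE/passwd" "$MAP_SOURCE/shadow" "$stage/" &&
    validate_passwd "$stage/passwd" &&
    validate_shadow "$stage/shadow" &&
    install_map "$stage/passwd" "$ETC/passwd" 644 &&
    install_map "$stage/shadow" "$ETC/shadow" 600
    rc=$?
    rm -rf "$stage"
    return $rc
}

# sysVinit-style entry point: only "start" does anything.
case "${1:-}" in
    start) pull_maps ;;
esac
```

If the pull or either check fails, the existing local files are left untouched, so the machine still boots with its last known-good accounts.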