On 7 January 2015 at 17:06, Konstantin Olchanski <olcha...@triumf.ca> wrote:

> On Wed, Jan 07, 2015 at 03:21:37PM -0700, Stephen John Smoogen wrote:
> > On 7 January 2015 at 14:54, Konstantin Olchanski <olcha...@triumf.ca> wrote:
> >
> > Hehe. I remember when 20 years ago people would say the exact same thing
> > about ypbind over some sort of script set which copied everything with root
> > rcp. Those then got replaced by people who had used ypbind somewhere and
> > were comfortable on it.
> >
>
> I started in this business in 1992 and our cluster of SGI machines
> was already based on NIS (from before my time). (I think automount/autofs/amd
> showed up a little later).
>
>
And I expect that you had at that point still stories from people saying
NIS broke everything when it went down and we should just use some homebrew
kit (or worse yet.. add each user by hand because lord how are you going to
know it got done.)


> But believe it or not, I am seriously considering "going back" to scp-pushed
> config files - too many technical problems have accumulated with NIS and with
> the current software chain "nis maintainers"->Fedora->RHEL->SL I doubt they
> will ever be fixed (even if "nis maintainers" still exist):


NIS has been dead upstream for 10+ years when Sun started pushing NIS+ and
then their own LDAP solution afterwards. A lot of large business/.gov/.mil
list it as verboten because of the many security problems it has (password
issues usually though various hijacking items can occur). It is mostly
still in the distribution because people like us who became admins from
1987->1994 have it in our toolkit and know how to use it.

For the scp item.. you might want to look at ansible. It does orchestration
over ssh which allows for a lot of bypassing of these items.


> - ypbind vanished mysteriously (usually during periods of network
>   connectivity loss)
> - ypbind killed by OOM killer (kill something else, please!).
> - autofs and rpc.mountd doing negative caching (after pushing new autofs
>   and netgroup maps, these demons have to be restarted on each client
>   machine, or they would not see the added entries).
> - ypbind does not automatically open holes in the firewall (fixed in SL7?!?)
> - hard to add non-standard autofs maps (have to edit the Makefile).
> - probably more.
>
> >
> > My main concern is that most places I have seen that kept with ypbind get
> > replaced with Active Directory (which FreeIPA is really trying to give an
> > answer for).
> >
>
> Not in the DAQ world - makes no sense to run a Windows Active Directory box
> just to manage a bunch of (effectively) embedded Linux machines. Plus DAQ
> usually means unattended operation while Windows (and MacOS) has
> too many "keyboard not found, please press F1 to continue" gems and generally
> assume that there is a human lackey in front of the terminal at all times
> ready to service any whim ("let's reboot now to install these important
> Windows updates!").
>
>
Not as much these days... if at all. I actually know some remote data
acquisition places converted over to windows only with it all automated. It
is mostly from 2012 onward, but it is catching up and we may end up
dinosaurs faster than we thought.


-- 
Stephen J Smoogen.
