At the risk of starting an argument, I'm going to respond to this post.
>We have a small network consisting of 11 Solaris nodes and 2 SunOS nodes
>that are all currently using NIS, served by one of the SunOS nodes. We
>want to convert the NIS master to Solaris 2.5.
>We're not particularly concerned with security here.
>What do people think about using NIS+ for such a small environment?
I would recommend against using NIS+ in that sort of environment.
Although NIS+ certainly has advantages, it has some substantial
drawbacks not the least of which is the rather steep learning curve.
For an environment that small many of the features of NIS+ end up just
getting in the way.
I've also found NIS+ in its current instantiation to be troublesome
and rather tempermental. Granted, its been about a year since I've
done any serious work with it, but at the time I had to deal with it
there was really no way to troubleshoot many of the problems that one
encounters. We were constantly hassling with it, and it seemed rather
fragile and bug-ridden.
In the intervening time I am sure that Sun has addressed some of the
problems, especially the bugs. But learning how to set up and
administer it is still a major undertaking: NONE of what you already
know about NIS will transfer. It is a completely different
environment. It seems to me that the investment in time required to
learn the intricacies of NIS+ (including its quirks) would not be
beneficial for such a small installation.
Quote:>Are we borrowing trouble?
The transition will likely be difficult, primarily for the
Quote:>The main advantage for us seems to be that NIS+ is more "mainstream"
>Sun, and as such might be better supported.
That reason alone would not be enough to convince me to move to NIS+.
Quote:>I've asked Sun Support this question, but they don't seem to have it in
>them to recommend against using NIS+.
The Sun party line appears to be "NIS+ at all costs". Yes, they will
always recommend that you use it.
Quote:>They did indicate that NIS might
>become unsupported at some time in the future.
Yes this is a risk. However, they ARE supporting it now. Although
NIS server software does not come with Solaris 2, it is easy and cheap
to buy from Sun: the "Name Services Transition Kit". Sun has fixed
all the bus in NIS that they probably ever will (there's still bugs
and shortcomings, but even while Sun still claims to "support" NIS, no
one is really expecting them to fix the remaining problems). I
suspect that the NSKit will continue to work on future revisions of
Solaris 2. Only when we move to the next major version (what one
might call Solaris 3) would this become a major issue.
Quote:>Do other UNIX vendors, like HP, IBM, etc. support NIS+?
And that's one of the major drawbacks of moving to NIS+. Despite
Sun's prior claims, no one else seems to have jumped on the NIS+
bandwagon. Sun will tell you, "but NIS+ servers can easily support
NIS clients, thus all your non-Sun equipment will continue to work."
But what they aren't so eager to tell you is that NIS+ will only
provide globally readable data to NIS clients, requiring you to
dispense with nearly all the security benefit that NIS+ gives you in
order to support NIS clients. If you gain no security benefit, and if
you don't need the hierarchical domain stuff (which small sites rarely
do) then why bother with the added complexity?
NIS has its drawbacks: the security ones being serious and
insurmountable. But it does have the advantage of being a rather
straightforward implementation. This makes it easy to administer and
troubleshoot. (Some people may take me to task for that statement:
perhaps my idea of "easy" is at a different level than others' :-) )
Don't get me wrong: NIS+ has some great ideas. The ideal information
distribution system would have many of the features contained in NIS+:
encryption-based security, hierarchical namespace, incremental
updates, fault tolerance, etc. But NIS+ has too many drawbacks to be
the final answer.
Group sys Consulting
+1 770 813 3224