What should replace NIS?

What should replace NIS?

Post by Jim Thoma » Tue, 18 Jul 2000 04:00:00



I'm about to set up a PC lab for a high school.  I've got 20 client PC's
and one server machine to administer all running RH6.2.  I'll need to
set up several accounts - probably 2 dozen, eventually as many as 150.  

I do not relish the idea of setting up an account for every user on
every machine, so I looked into NIS.  However, the NIS documentation
(Essential System Administration) scared me away saying such things as
"NIS is a security nightmare" and "you would be well advised *not* to
use NIS or even NIS+."

What's the alternative?  Is rdist any better than NIS?

--

Senior Applications Engineer          Web:     http://www.bittware.com
Bittware, Inc                         Tel:              (703) 779-7770
I thought I was wrong once, but I was mistaken.

 
 
 

What should replace NIS?

Post by pkre.. » Wed, 30 Aug 2000 04:00:00


In your case, I would set up a firewall, an internal netwrok behind it with
your 20 client PC's. One machine would figure as file-server for the home-
directories and account-informations.
You can then export the /home via NFS and copy the /etc/passwd and /etc/shadow
/etc/groups to all other machines using scp.

All this could be automated with a small shellscript. You may say in all
stations, to trust the reference machine, so you don't have to enter the root
password again and afain while distributing the files mentioned to the client
stations.

hope this idea can heklp you,

paul kremer

--
   .~.    -----------------------------------------------------------

  // \\   Homepage        http://pkremer.tsx.org/
 /(   )\  PGP key         http://home.datacomm.ch/pkremer/pkremer.asc
  ^^-^^   -----------------------------------------------------------

 
 
 

What should replace NIS?

Post by Jim Thoma » Wed, 30 Aug 2000 04:00:00



> In your case, I would set up a firewall, an internal netwrok behind it with
> your 20 client PC's. One machine would figure as file-server for the home-
> directories and account-informations.
> You can then export the /home via NFS and copy the /etc/passwd and /etc/shadow
> /etc/groups to all other machines using scp.

> All this could be automated with a small shellscript. You may say in all
> stations, to trust the reference machine, so you don't have to enter the root
> password again and afain while distributing the files mentioned to the client
> stations.

> hope this idea can heklp you,

> paul kremer

I thought about this, and have actaully partially implemented it.  We
will have a firewall once we get internet access (verizon strike,
grumble, grumble).  As it stands today, we will be re-distributing
/etc/passwd, shadow, group, and gshadow, but what happens when a user
changes his password?  It's changed on *that* machine *until* we
redistribute!

I foresee a lot of confusion coming down the pike.  BTW, on my machine
"man scp" comes up empty.  Where can I find out more?

I'm still looking for a decent solution, and I'm beginning to think
maybe NIS might be worth the risk.  I'm hoping that all the risk will be
from inside since we'll have a firewall in place...

--

Senior Applications Engineer          Web:     http://www.bittware.com
Bittware, Inc                         Tel:              (703) 779-7770
Reading goes faster if you don't sweat comprehension. - Hobbes

 
 
 

What should replace NIS?

Post by Justin B Willough » Wed, 30 Aug 2000 04:00:00


<snip>

Quote:> I foresee a lot of confusion coming down the pike.  BTW, on my machine
> "man scp" comes up empty.  Where can I find out more?

Its part of the ssh package. Do you have ssh configured and installed?

- Justin
--
   _/     _/_/_/  _/    _/  _/    _/ _/   _/   = Justin Willoughby   =
  _/       _/    _/_/  _/  _/    _/   _/_/     = I use SlackWare!!   =
 _/       _/    _/  _/_/  _/    _/    _/_/     = http://justinw.net  =
_/_/_/ _/_/_/  _/    _/  _/_/_/_/   _/   _/    =--- Jesus Is Lord ---=

 
 
 

1. replaced nis client -> had to reboot nis master?

Hi,

I recently replaced a sparc5 with an ultra1/140 using the same name
and ip address.  I had the new machine all set so the swap only took
about 5 minutes.  But the new machine appeared to hang at the ypbind
stage of booting.  I ended up rebooting the nis master and then rebooting
the client again.

Should I have expected this behavior -- and if so,  how do I restart
the nis master safely without rebooting?  I tried kill -1 on ypserv
and /etc/init.d/rpc??? stop/starts but it needed a reboot.

thanks,
Stuart

2. New version of inet config

3. Solaris 2.8: Can LDAP replace NIS+ ?

4. Library error when starting smb

5. replacing NIS

6. HP ScanJet 5100C (new parallel port scanner) supported?

7. Solaris 2.8: Can LDAP replace NIS+ ?

8. Dial on demand ISDN

9. Replace NIS+

10. Trying to replace NIS+

11. Replacing NIS+ root master server

12. Replacing the NIS master

13. Replacing an NIS+ master server