Setting up NIS questions?
Steve Kargl
sgk at troutmask.apl.washington.edu
Sat May 20 10:10:22 PDT 2006
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> >I can't even get NIS set up with ypinit. It unconditionally
> >uses /bin/hostname, which will grab the FQDN of the system.
> >You have given me an idea. I can change rc.conf to set hostname
> >to the name I've given 192.168.0.10, put that on bge0, put
> >the IP address associated with the FQDN on bge1, and reboot.
> >This might permit NIS to come up. Though this seems like a hack,
> >because when someone connects to the system via the FQDN,
> >/bin/hostname will give the wrong answer.
>
> Associating the ypdomain with the FQDN from the DNS is convenient, and a
> convention that many follow, but it is not required, by any means. The
> O'Reilly "Managing NIS and NFS" book is a fine reference on this sort of
> thing, BTW, and is probably available online in PDF form if you look.
Thanks for the pointer. I'll go looking for this book.
> Nevertheless, YP/NIS predates many of the more convoluted network
> designs that people set up nowadays, and was intended for machines which
> have a single identity even if they have multiple NICs-- Sun used to
> assign the same MAC address to all NICs on one machine, to ensure that
> people respected collision domains.
I don't see how this is convoluted. In fact, I would be inclined
to claim that it is the de facto method for setting up an internal
computational cluster:
                                 s <---> node1
internet <-F-> FQDN|master <---> w <---> node2
                                 t <---> node3
where swt = switch.
> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obviously a
> firewall machine running zero or the minimal necessary services is
> a lot more secure....
Note that <-F-> actually has at least one firewall. Only people in
the apl.washington.edu domain can get to FQDN. I was hoping to
use NIS to simplify the propagation of info (e.g., passwd, hosts,
etc.) from master to the nodes. Propagating the info by hand
isn't too bad because I only have five nodes presently. However,
I hope to grow an additional 11 nodes.
--
Steve