Setting up NIS questions?

Steve Kargl sgk at troutmask.apl.washington.edu
Sat May 20 10:10:22 PDT 2006


On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> >I can't even get NIS set up with ypinit.  It unconditionally
> >uses /bin/hostname, which will grab the FQDN of the system.
> >You have given me an idea.  I can change rc.conf to set hostname
> >to the name I've given 192.168.0.10, put that on bge0, put 
> >the IP address associated with the FQDN on bge1, and reboot.
> >This might permit NIS to come up.  Though this seems like a hack,
> >because when someone connects to the system via the FQDN,
> >/bin/hostname will give the wrong answer.
> 
> Associating the ypdomain with the FQDN from the DNS is convenient, and a 
> convention that many follow, but it is not required, by any means.  The 
> O'Reilly "Managing NIS and NFS" book is a fine reference on this sort of 
> thing, BTW, and is probably available online in PDF form if you look.

Thanks for the pointer.  I'll go looking for this book.

> Nevertheless, YP/NIS predates many of the more convoluted network 
> designs that people set up nowadays, and was intended for machines which 
> have a single identity even if they have multiple NICs-- Sun used to 
> assign the same MAC address to all NICs on one machine, to ensure that 
> people respected collision domains.

I don't see how this is convoluted.  In fact, I would be inclined
to claim that it is the de facto method for setting up an internal
computational cluster:

                                 s  <---> node1
internet <-F-> FQDN|master <---> w  <---> node2
                                 t  <---> node3

where swt = switch.

> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obviously a
> firewall machine running zero or the minimal necessary services is
> a lot more secure....

Note that <-F-> actually has at least one firewall.  Only people in
the apl.washington.edu domain can get to FQDN.  I was hoping to 
use NIS to simplify the propagation of info (e.g., passwd, hosts,
etc.) from master to the nodes.  Propagating the info by hand
isn't too bad because I only have five nodes presently.  However,
I hope to grow an additional 11 nodes.

-- 
Steve

