NIS and non-NIS question

Chuck Swiger cswiger at mac.com
Fri Dec 10 22:34:06 PST 2004


Vulpes Velox wrote:
> I have a box I want to rework to allow it to operate outside a NIS
> environment when outside my LAN and use NIS and NFS when it is not. Any
> suggestions on how to go about this?

Set up a cron job to invoke a shell script which rsync's your YP master's 
password file (and /etc/group, and anything else you might care about) when 
you are on your LAN, and not if you are not, every X minutes.  Have it run 
pwd_mkdb too.  Maybe add a little awk or perl magic spice to add or screen out 
a range of userid's.  Then disable NIS and rely on plain old flatfiles.

If you use rsync-via-ssh (which is now the default behavior), the process 
above will transmit sensitive password data with considerably more security 
than you get when using plain NIS.  On the other hand, if you are running NFS, 
your risk profile against someone who can sniff your local subnet isn't 
significantly altered, so don't worry too much about this, but the issue of 
security is worth considering at least a little.

For NFS, you might give the automounter (see "man amd") a try.  So long as you 
don't descend into a mount point deliberately (or accidentally via recursion 
using find, grep, etc), the machine will not actually attempt to NFS-mount the 
remote filesystem.

For that matter, you might even consider switching models of operation to 
using CIFS/samba instead of NFS.  Oddly enough, even though NFS is a stateless 
remote filesharing system by design, it's pretty easy to wedge a lot of 
important processes if an NFS share becomes not available.  MacOS X seems to 
tolerate CIFS shares going away better than it handles NFS going away, and 
FreeBSD might well be similar.  (I haven't exhaustively tested either problem 
case *deliberately*, mind you...! :-)

-- 
-Chuck
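A concrete version of the cron-driven rsync/awk/pwd_mkdb scheme Chuck describes, added here as an example and not code from the post. The master hostname, LAN gateway, paths, the uid range and the "default route points at the LAN gateway" test for being on the LAN are all assumptions; the merge keeps local accounts whose uid is outside the NIS range and refreshes those inside it from the master's copy.

```sh
#!/bin/sh
# Added example (not from the post): periodic sync of the YP master's
# master.passwd into local flat files. Hostname, gateway, paths and the
# uid range are assumptions.
set -eu

YP_MASTER="ypmaster.example.lan"      # assumed NIS master
LAN_GATEWAY="192.168.1.1"             # assumed LAN default gateway
NIS_UID_MIN=1000                      # assumed uid range owned by NIS
NIS_UID_MAX=59999
LOCAL_MP="/etc/master.passwd"

# "On the LAN" here means the default route points at the LAN gateway.
on_lan() {
    gw=$(netstat -rn 2>/dev/null | awk '$1 == "default" { print $2; exit }')
    [ "$gw" = "$LAN_GATEWAY" ]
}

# merge_passwd LOCAL FETCHED: keep local entries whose uid is outside the
# NIS range (root, daemons, purely local users), then append the master's
# entries inside the range, skipping names already emitted.
merge_passwd() {
    awk -F: -v lo="$NIS_UID_MIN" -v hi="$NIS_UID_MAX" '
        NR == FNR { if ($3 < lo || $3 > hi) { seen[$1]++; print } ; next }
        $3 >= lo && $3 <= hi && !seen[$1]++ { print }
    ' "$1" "$2"
}

# Cron entry point: do nothing off the LAN, otherwise fetch, merge and
# rebuild the password databases.
sync_passwd() {
    on_lan || return 0
    tmp=$(mktemp /tmp/ypsync.XXXXXX)
    trap 'rm -f "$tmp" "$tmp.new"' EXIT
    # rsync over ssh, so the hashes never cross the wire in the clear.
    rsync -q -e ssh "root@${YP_MASTER}:/etc/master.passwd" "$tmp"
    merge_passwd "$LOCAL_MP" "$tmp" > "$tmp.new"
    # Refuse to install a file that lost root.
    grep -q '^root:' "$tmp.new"
    # pwd_mkdb -p rebuilds pwd.db/spwd.db and /etc/passwd from the file and
    # installs the file itself as /etc/master.passwd.
    pwd_mkdb -p "$tmp.new"
}

# e.g. crontab: */15 * * * * /usr/local/sbin/ypsync.sh sync
if [ "${1:-}" = "sync" ]; then
    sync_passwd
fi
```

Run it from root's crontab with the `sync` argument; without it the script only defines the functions, which is handy for testing the merge against copies of the files.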



More information about the freebsd-questions mailing list