Centralized DB of "system" users

Michel Talon talon at lpthe.jussieu.fr
Sat Dec 13 01:18:34 PST 2008


Lowell Gilbert wrote:
   NIS, which stands for Network Information Services, was developed
   by Sun Microsystems to centralize administration of UNIX
   (originally SunOS) systems. It has now essentially become an
   industry standard; all major UNIX-like systems (Solaris, HP-UX,
   AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc.) support NIS.


I work in a mostly Linux shop managed by NIS. However my machines
are under FreeBSD and I have no problem getting the NIS info. The only
gotcha is that, under Linux you have 2 files for passwds /etc/passwd
and /etc/shadow, while under FreeBSD you have just one
/etc/master.passwd. So you need to run NIS in compatibility mode on the
Linux server, so that passwd and shadow are "concatenated". Securitywise
it is the same since in any case the shadow information flows on the
wire, ready to be captured by a scanner.
The main problem with NIS, in my opinion, is that, when the NIS
server(s) are down (it always occurs once or twice a year here), all the
clients are completely frozen immediately, so if you want high
availability, better copy the passwd files on each client directly and 
not use a network server like that. Our previous sysadm had written a
couple of replication scripts which worked very well this way. The
present one reverted to NIS with this small inconvenience.
Replication requires that you only modify passwd files on the server,
like with NIS, and then, as soon as a modification is detected, files
are propagated on all clients. This is extremely easy to achieve, and
*much* more efficient, networkwise, than using a thing like NIS or LDAP,
where each client is constantly polling the server to get information
about home directories, tilde expansions, etc.

-- 

Michel TALON
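
The replication approach described in the message above, as an added example that is not part of the original post or the scripts it mentions: the server merges Linux passwd and shadow entries into FreeBSD's ten-field master.passwd layout and only pushes when the merged result changes. The function names, the min_uid cutoff that leaves local system accounts alone, the empty class and zero change fields, and the sample accounts and hashes are all assumptions constructed for illustration.

```python
import hashlib

# Constructed sample input (not real accounts or hashes).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/sh
carol:x:1003:1003:Carol Example:/home/carol:/bin/sh
"""
SHADOW = """\
root:$6$rootsalt$ROOTHASH:14000:0:99999:7:::
alice:$6$salt$ALICEHASH:14000:0:99999:7:::
bob:!:14000:0:99999:7::14244:
"""

def merge(passwd_text, shadow_text, min_uid=1000):
    """Return master.passwd lines for accounts with uid >= min_uid."""
    shadow = {}
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) >= 8:
            shadow[f[0]] = f
    out = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or int(f[2]) < min_uid:
            continue  # malformed line, or a local system account
        name, _, uid, gid, gecos, home, shell = f
        s = shadow.get(name)
        # Missing or empty shadow hash: write "*" so the account stays locked
        # instead of becoming passwordless on the client.
        pw = s[1] if s and s[1] else "*"
        # shadow counts expiry in days since the epoch, master.passwd in seconds
        expire = int(s[7]) * 86400 if s and s[7].isdigit() else 0
        out.append(":".join([name, pw, uid, gid, "", "0", str(expire),
                             gecos, home, shell]))
    return out

def digest(lines):
    """Fingerprint of the merged file, stored on the server after each push."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def needs_push(lines, last_digest):
    """True when the merged result differs from what was last propagated."""
    return digest(lines) != last_digest
```

On a FreeBSD client the merged file would be installed with pwd_mkdb(8) and must stay readable by root only, since it carries the password hashes.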


