Re: [SLE] NIS, NIS+, Automount which combinations work

From: Dylan (dylan_at_dylan.me.uk)
Date: 01/30/04

  • Next message: Anders Johansson: "Re: [SLE] Cannot ftp to myself - anonymous ftp works though" 
    To: suse-linux-e@suse.com
Date: Fri, 30 Jan 2004 20:44:51 +0000

    On Friday 30 January 2004 20:03 pm, Steven T. Hatton wrote:
    > I've never found time to focus on this topic, but I believe it is
    > very important. I discovered automount purely by accident. It
    > wasn't until I removed NIS that I learned that automount required
    > NIS.

    It doesn't. but works well with it. It may be a dependency, but
    automount (actually autofs) is independent of NIS. If you are thinking
    of using it then I'd reccomend getting the latest autofs4 from
    www.kernel.org.

    > I seem to recall that it does (did) not work with NIS+, or
    > something like that. I'm trying to get all this straight in my head.
    >
    > What are the various options available in SuSE 9.0 as regards NIS,
    > NIS+, Automount, NFS, etc. I.e., what versions and variants are
    > available, and how do they work together?

    NIS+ is only available as a client - SFAIK there is no Linux server for
    it, only a Solaris one. Can't say any more about it that that...

    NIS works well, but you may need to hack the makefile to get it to
    distribute non-standard autofs maps. I simply added the necessary
    sections for my setup and it worked fine. There is no encryption on the
    passwords, so it shouldn't be used on an open or untrusted network.
    Also, you might need to consider which groups you map (I had to do some
    shenanigans to get GID uucp right so my client boxes can access serial
    devices.)

    Autofs3 doesn't (IME, YMMV) work well, especially with NIS. autofs4 (and
    I really do suggest getting the latest build) functions as described -
    I share all the autofs configs with NIS over 8 boxes without problems -
    but there are pitfalls which I'll happily help you with, or you can try
    the mailing list.

    NFS has some peculiarities - it doesn't co-exist well with reiserfs, no
    matter what people say about the problems being fixed. Security is
    basic to say the least, but if you configure it sensibly you should be
    safe on a closed network. It's not easy to get it running through NAT,
    to the extent that I wouldn't bother trying (again, YMMV.) Also, it's
    picky about whitespace in the /etc/exports file, and the file locking
    is not what it should be!

    > What are the advantages
    > and limitations of each?
    >
    > What kinds of security is available with each? Can the entire data
    > transfer be encrypted?

    Definitely not in the basic setups, but I suppose you could tunnel the
    connections over a secure link of some kind.

    > How. Can the authentication be encrypted or
    > PKI based?

    Not with NIS, and I don't know what PKI is.

    HTH

    Dylan

    >
    > I know I could probably formulate more coherent questions. I'm just
    > trying to get some discussion going. I know LDAP, DNS, and DHCP can
    > also play into this topic, as can IPv6.
    >
    > STH 

    -- 
"They that can give up essential liberty to obtain a little 
temporary safety, deserve neither liberty nor safety." 
                                  -Benjamin Franklin
-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
  • Next message: Anders Johansson: "Re: [SLE] Cannot ftp to myself - anonymous ftp works though"