SUMMARY: Centralized password -- is NIS+ the right way to go?

From: Santithorn Bunchua (keh@au.ac.th)
Date: Thu Jan 12 1995 - 05:53:02 CST


Regarding my original question, 1 persons suggests using the traditional
file methods and the rdist method. This way, I still don't know how to
enable user to change the password on any machine that he logs in. Another
person suggests using kerberos. Another one told me to use NIS instead.
And another one tole me that NIS+ is nice.

I have also experimented with NIS+ .. it works .. but it downgrade
the system performance a bit. My vendor and also Sun told me not to
use NIS+ because it is not suitable to keep a very large database.
Is that true?... I really would like to know if there is any site
running NIS+ on a big password database. Or may I request more idea
on the best configuration for my site?

--keh--

-- my original posting -------------------------
>
>Dear Sun Managers,
>
>Since I have no experience on administering the system with many
>users, I would like to ask for your suggestions. My university has
>now almost 20,000 users and I would like to implement the centralized
>user/password database. I know that Sun has NIS+. However, it is
>rather complex to me. I have tried to use it once but it took me
>more than one day to convert the database and most of the time there
>are some errors which make me uncertain whether I did it right.
>
>So .. what is the method that has been successfully implemented
>for this. If it is NIS+, is there a tool to manage it easily or
>the standard command provided in Solaris is good enough? I have
>also tried to use AdminTool but everytime it gives me 'timeout'
>error and it cannot help me to do anything. And also .. is there
>NIS+ on other platform eg. HP/UX, BSD unix ? (most of my machines
>are running Solaris 2.3 so they all can use NIS+ but I also have
>other brand machines).
>
>
>Thanks,
>
>Santithorn Bunchua
>Assumption University
>Thailand
>
>--keh--

--- original answer follows --------------------

>From keir@es.su.oz.auThu Jan 12 05:04:32 1995
Date: Wed, 30 Nov 1994 17:09:47 +1100
From: Keir Vaughan-Taylor <keir@es.su.oz.au>
To: keh@abac.au.ac.th
Subject: Re: Centralized password -- is NIS+ the right way to go?

I am in a similar situation as you but not so many users.
I found NIS virtually unusable since even though it promises
to relieve you of much administration, it is difficult to learn
and always seems to have bugs. I elected to turn it off completely.
So far life has been much easier.

You might try reading the man pages on rdist which is one way
to distribute changing files without using NIS.

>From bernards@ECN.NLThu Jan 12 05:04:36 1995
Date: Wed, 30 Nov 1994 09:41:35 +0100
From: Marcel Bernards <bernards@ECN.NL>
To: keh@abac.au.ac.th
Subject: Re: Centralized password -- is NIS+ the right way to go?

NIS plus in not standard available on Non Sun Solaris platforms
And it is indeed too complicated to manage.

We'll stick to NIS, Which can be fooled to do NIS+ like tasks
like a centralized Multiple Domain master
Just add a few directories in the NIS directory and tweak a few Makefiles
for each domain :-)

It lacks a Replica function ,but that can be fixed with some rdist/rcp
scripts in the Makefiles

I'm working on setting up such an environnet. so it's not fully operational
but the multiple domain serving works for sure...

>From anthony.baxter@aaii.oz.auThu Jan 12 05:04:42 1995
Date: Thu, 01 Dec 1994 17:40:52 +1100
From: anthony baxter <anthony.baxter@aaii.oz.au>
To: Santithorn Bunchua <keh@abac.au.ac.th>
Subject: Re: Centralized password -- is NIS+ the right way to go?

NIS+ looks really really nice. Unfortunately, you can only get it for Suns.
Makes it entirely useless for places (like us) that run a large number of
different O/S's.

Anthony

>From john@oncology.uthscsa.eduThu Jan 12 05:04:44 1995
Date: Wed, 30 Nov 1994 18:27:16 +0600
From: John Justin Hough <john@oncology.uthscsa.edu>
To: keh@abac.au.ac.th
Subject: Re: Centralized password -- is NIS+ the right way to go?

Keh,

  In your environment NIS+ is not the way to go now. I suspect that
  all the systems you listed support kerberos directly or can be made
  to support kerberos. Even though there isn't a nice gui'd interface
  for Kerberos it is probably the right way to go (the documentation
  for version 5 shows many nice improvements but the source doesn't
  seem to be accessible anywhere). You could probably make a gui
  interface for it through admintool. The files admintool uses are
  mostly text and edittable. I've made some small changes, so I think
  that it is possible.

john

>From johnh@gerbil.umds.ac.ukThu Jan 12 05:04:47 1995
Date: Wed, 30 Nov 94 14:34:30 GMT
From: John Hearns - System Manager <johnh@gerbil.umds.ac.uk>
Reply to: j.hearns@miranda.umds.ac.uk
To: keh@abac.au.ac.th
Subject: Re: Centralized password -- is NIS+ the right way to go?

I suggest buying the OReilly book

'Managing NFS and NIS' by Hal Stern
I just spent 20 quid of my own money on this.

The OReilly books are EXCELLENT for budding sysadmins like us.

Buy lots of them (I have, and I don't egret it)



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:14 CDT