[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-linux-e
Subject:    Re: [SLE] NIS, NIS+, Automount which combinations work
From:       Dylan <dylan () dylan ! me ! uk>
Date:       2004-01-30 20:44:51
Message-ID: 200401302044.51735.dylan () dylan ! me ! uk
[Download RAW message or body]

On Friday 30 January 2004 20:03 pm, Steven T. Hatton wrote:
> I've never found time to focus on this topic, but I believe it is
> very important.  I discovered automount purely by accident.  It
> wasn't until I removed NIS that I learned that automount required
> NIS. 

It doesn't. but works well with it. It may be a dependency, but 
automount (actually autofs) is independent of NIS. If you are thinking 
of using it then I'd reccomend getting the latest autofs4 from 
www.kernel.org.

> I seem to recall that it does (did) not work with NIS+, or
> something like that. I'm trying to get all this straight in my head.
>
> What are the various options available in SuSE 9.0 as regards NIS,
> NIS+, Automount, NFS, etc.  I.e., what versions and variants are
> available, and how do they work together?

NIS+ is only available as a client - SFAIK there is no Linux server for 
it, only a Solaris one. Can't say any more about it that that...

NIS works well, but you may need to hack the makefile to get it to 
distribute non-standard autofs maps. I simply added the necessary 
sections for my setup and it worked fine. There is no encryption on the 
passwords, so it shouldn't be used on an open or untrusted network. 
Also, you might need to consider which groups you map (I had to do some 
shenanigans to get GID uucp right so my client boxes can access serial 
devices.)

Autofs3 doesn't (IME, YMMV) work well, especially with NIS. autofs4 (and 
I really do suggest getting the latest build) functions as described - 
I share all the autofs configs with NIS over 8 boxes without problems - 
but there are pitfalls which I'll happily help you with, or you can try 
the mailing list.

NFS has some peculiarities - it doesn't co-exist well with reiserfs, no 
matter what people say about the problems being fixed. Security is 
basic to say the least, but if you configure it sensibly you should be 
safe on a closed network. It's not easy to get it running through NAT, 
to the extent that I wouldn't bother trying (again, YMMV.) Also, it's 
picky about whitespace in the /etc/exports file, and the file locking 
is not what it should be!

>  What are the advantages
> and limitations of each?
>
> What kinds of security is available with each? Can the entire data
> transfer be encrypted? 

Definitely not in the basic setups, but I suppose you could tunnel the 
connections over a secure link of some kind.

> How.  Can the authentication be encrypted or
> PKI based?

Not with NIS, and I don't know what PKI is.

HTH

Dylan

>
>  I know I could probably formulate more coherent questions. I'm just
> trying to get some discussion going. I know LDAP, DNS, and DHCP can
> also play into this topic, as can IPv6.
>
> STH

-- 
"They that can give up essential liberty to obtain a little 
temporary safety, deserve neither liberty nor safety." 
                                  -Benjamin Franklin


-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com



[prev in list] [next in list] [prev in thread] [next in thread]