[NTLUG:Discuss] NIS no longer developed?
Tom Adelstein
adelste at netscape.net
Wed Aug 6 13:37:24 CDT 2003
cjcox at acm.org wrote:
> Tom Adelstein wrote:
>
>>
>>
>> cjcox at acm.org wrote:
>>
>>> Neil Aggarwal wrote:
>>>
>>>> Hello all:
>>>>
>>>> If I look at the Linux NIS homepage, it looks like the product
>>>> is no longer being developed. Is that true?
>>>
>>> Probably not developed since it is complete. Where do you think it
>>> needs to go? Granted, a good automounter still needs
>>> some development work, but that's a side tool often integrated
>>> with NIS deployments... but not a part of NIS.
>>>
>>>>
>>>> If so, what replacement are people using to centralize
>>>> password management in a mixed environment (Linux and
>>>> Windows)?
>>>
>>> IMHO, NIS works, and the others don't. Oh.. you can
>>> spend several months getting OpenLDAP to work, but
>>> certainly not across the enterprise (all Unix/Windows/etc.)
>>> and the schemas are under HEAVY flux and will continue
>>> to be so for at LEAST another year or so (that from
>>> Gerald Carter). Vendors are still trying to 0wn LDAP
>>> instead of working on interoperability. If you're
>>> all Linux... then your choices are wide open... if
>>> you're a mixed environment, then I prefer NIS + Samba + PAM + ssh
>>> for single sign on and single platform account management without
>>> the primary NIS security flaw (exposed DES encrypted
>>> passwords).
>>>
>>> Anyone who has gone through the pains of LDAP conversion
>>> more than once (due to the schema changes) will tell you
>>> they're sick of the changes. Would be nice to see things
>>> settle down, but even then, will it integrate seamlessly
>>> with Microsoft Active Directory??
>>>
>>> LDAP... new technology, many security flaws, immature.
>>> Anyone recommending this over NIS hasn't really analyzed
>>> the tech too closely.
>>>
>>> I probably stand alone in this boat in the Linux community.
>>>
>>> Regards,
>>> Chris
>>>
>>>
>>> _______________________________________________
>>> https://ntlug.org/mailman/listinfo/discuss
>>
>>
>>
>> Chris,
>>
>> I recognize your extensive expertise in this area.
>>
>> I just have a problem with your absolutes "anybody" "immature"
>> especially in light of the IMHO (in my humble opinion).
>
>
> Yep.. I went to OpenLDAP school under Gerald Carter at Usenix
> for the very reason of determining if it was baked yet...
> conclusion: smelling good, but not quite done. Lots of
> frustrated attendees talking about having to do yet another
> schema migration to support the new definitions.
>
>>
>> I've developed in places where LDAP works fine and the admins love it.
>
>
> Sun <-> Sun ... works great.. they 0wn the technology.
>
> Linux <-> Linux ... can work great, but requires some work unless
> all Linux use the same dist.
>
>>
>> I've suggested NIS in other places and the people hated it.
>
>
> Haven't seen an LDAP yet that does Windows/Linux/HPUX/Solaris/AIX
> without jumping through major hoops (hoops which to me are
> just as painful as account replications.. and in many cases,
> what I've seen done is effectively account replication when
> you get right down to it).
>
> I'm surprised about the NIS difficulties... it's pretty
> simple.
>
>>
>> After all, you like SuSE. How can anyone really trust your opinion?
>>
>> (Joking...joking...joking). <grin><grin><grin>.
>>
>> The only thing I'm saying is that I've seen lots of different opinions
>> on it.
>>
>> Personally, I like NIS in smaller environments.
>
>
> Granted, I have not tried an implementation into the 1000's of users.
> Most of mine involve hundreds of users. Usually site autonomy
> comes into play, so I haven't had to worry about the difficulties
> of wide area account management. But LDAP should have some of
> the very same issues that NIS has with that... and in some cases the
> problems will be worse (much worse).
>
> My presentation materials do mention that LDAP is the "future"...
> but I'm not so sure now. It's possible that it will be the
> future, but right now, it's definitely going through some
> of the very same birth pains that older technologies have
> already addressed or at least have talked about for many, many
> years. It just surprises me to see a "new" technology
> repeating old mistakes... well.. perhaps "surprise" is too
> strong of a word.
>
>

Novell Directory Services seems to look like the way most of the
enterprises headed when Novell put up their Tools on the OpenLDAP site
over a year ago.

If you look at the documentation for the "new technologies" you have to
be a plumber to figure them out.

That's why I asked you to share your fax solution.

People know how to fix and patch the LDAP solutions, they just don't
share them. I have seen them working.

Here's one you'll like. IBM's Linux Technology Lab started work on a
drop in replacement for Active Directory using Open LDAP about eighteen
months ago. I know, because I did some consulting with an intern on the
project. I developed a Global Address List address provider for Outlook
which looked and behaved like the Exchange GAL but worked on OpenLDAP.
We sold it with Insight Server. So, IBM called. Where is this drop in
replacement? They had a dozen developers working on it.

Not that that matters, but what does matter: what is the future?

Have you seen it?