[NTLUG:Discuss] NIS capabilities? - noobie
Robert Pearson
e2eiod at gmail.com
Sat Apr 11 13:28:41 CDT 2009
On 4/10/09, namit.bhalla at wipro.com <namit.bhalla at wipro.com> wrote:
> On 4/9/09, namit.bhalla at wipro.com <namit.bhalla at wipro.com> wrote:
> >> Hi,
> >> I am completely new to the concept of NIS and wish to know what all can
> >> be done using NIS.
> >> From what I have read so far, NIS can be used to allow any user to log
> >> on to any client system
> >> on a network by having a central database of the passwd files etc.
> >> I have also read that NIS can be used to "share a common set of
> >> configuration files".
> >> Could someone please clarify what kind of central configuration is
> >> possible using NIS?
> >> How can an admin "control" the users in a domain using NIS? For
> >> instance, in Windows, the
> >> admin can use Active Directory to establish a common date format for all
> >> clients.
>
>
> On 4/9/09, Robert Pearson <e2eiod at gmail.com> wrote:
> > Not sure what you mean here by "common data format"?
>
>
> It's "date" format and not "data" :)
> I just took a simple example for the purpose.
> The basic question was - can I enforce policies using NIS (the way it is
> done in AD for Windows)
>
My bad.
I forgot to turn on BIG fonts so I could see the difference between "e" and "a".
>
> >> Can NIS be used for such purposes.
> >>
> >> Any pointers would be of great help.
> >> Thanks!
> >>
>
> > Here's what Wikipedia says about NIS (and I agree with it):
> > <http://en.wikipedia.org/wiki/Network_Information_Service>
>
>
> [snipped Wikipedia excerpt]
>
>
> > [mycomment]
> > It is a question of scale.
> > Pick your environment:
> > Personal Computing
> > SOHO - maybe LDAP
> > SMB - LDAP (or with) Active Directory
> > Enterprise - LDAP, DNS, Other, Active Directory, Identity Management
>
> > There are some new "Identity Management" tools to look at.
>
> > YMMV
>
>
>
> You mention Active Directory here. Would you know how exactly that works
> in *ix (client?) environments?
> Thanks again!
>
How it works exactly depends on your Strategy (goals, objective,
requirements, etc.), Legacy issues and Budget.
In general, the DIY solution requires large amounts of initial man
hours and the sustaining maintenance requires some. Unless your DIY
solution is dynamic then every time your IT environment and
configurations change some maintenance will be required in the DIY
solution.
Most people opt for NIS or LDAP with Kerberos and stop short of AD integration.
If they have the budget they will take a hard look at the "third
party" products.
"*ix" integration into AD is done in a variety of ways. Depends on
your needs, wants and budget.
After integration you will have a "working" solution for "*ix" rather
than what AD provides for Windows. There is a "work-a-round" for
groups but it does not have the same granularity of control as for
Windows. Some things are lost in the translation to "*ix".
People report varying degrees of success with the integration. If you
have the budget, with the support of a major vendor or third party product
the work will yield better results.
In the distant past you could just install Windows Services for Unix
and start writing scripts for integration with NIS. It was a lot of
work and unique to that environment at that point in time.
<http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx>
[Some selected quotes]
"If you are in a unix only network and if you have a very minimal set
of maps that you wish to administer, NIS is still relevant and
useful."
"Well, what are the options?
Files: suck for all the obvious reasons
LDAP: obviously good for large sites and it might even interoperate
with Windows, but, well, large sites, blah.
NIS: security is a bit of a joke though can be made better. Easy to
look after. You can cook your own maps with minimal effort. Won't talk
to Windows easily. Flat namespace, scaling issues (but fine up to
several hundred hosts, so long as flat namespace is OK).
DNS: the right answer for hosts, obviously.
(NIS+: dead.)
Unless there are vast numbers of machines and/or serious Windows
interoperability issues, I think NIS (with DNS for hosts) is a clear
winner."
I use quotes because other people say it better than I can.
Like Chris Cox - pure gold...