[NTLUG:Discuss] NIS capabilities? - noobie

namit.bhalla at wipro.com namit.bhalla at wipro.com
Mon Apr 13 06:04:39 CDT 2009


On 4/9/09, Robert Pearson <e2eiod at gmail.com> wrote:
>
>  > Not sure what you mean here by "common data format"?
>
>
>> Its "date" format and not "data" :)
>>  I just took a simple example for the purpose.
>>  The basic question was - can I enforce policies using NIS (the way
it is
>>  done in AD for Windows)
>>

On 4/10/09, Robert Pearson <e2eiod at gmail.com> wrote:
> My bad.
> I forgot to turn on BIG fonts so I could see the difference between
"e" and "a".

>
>  >>  Can NIS be used for such purposes.
>  >>
>  >>  Any pointers would be of great help.
>  >>  Thanks!
>  >>
>
>  > Here's what Wikipedia says about NIS (and I agree with it):
>  > <http://en.wikipedia.org/wiki/Network_Information_Service>
>
>
> [snipped Wikipedia excerpt]
>
>
>  > [mycomment]
>  > It is a question of scale.
>  > Pick your environment:
>  > Personal Computing
>  > SOHO - maybe LDAP
>  > SMB - LDAP (or with) Active Directory
>  > Enterprise - LDAP, DNS, Other, Active Directory, Identity
Management
>
>  > There are some new "Identity Management" tools to look at.
>
>  > YMMV
>
>
>
> You mention Active Directory here. Would you know how exactly that
works
>  in *ix (client?) environments?
>  Thanks again!
>

> How it works exactly depends on your Strategy (goals, objective,
> requirements, etc.), Legacy issues and Budget.
> In general, the DIY solution requires large amounts of initial man
> hours and the sustaining maintenance requires some. Unless your DIY
> solution is dynamic then everytime your IT environment and
> configurations change some maintenance will be required in the DIY
> solution.
> Most people opt for NIS or LDAP with Kerberos and stop short of AD
integration.
> If they have the budget they will take  a hard look at the "third
> party" products.
> "*ix" integration into AD is done in a variety of ways. Depends on
> your needs, wants and budget.
> After integration you will have a "working" solution for "*ix" rather
> than what AD provides for Windows. There is a "work-a-round" for
> groups but it does not have the same granularity of control as for
> Windows. Some things are lost in the translation to "*ix".
> People report varying degrees of success with the integration. If you
> have the budget the support of a major vendor or third party product
> the work will yield better results.

> In the distant past you could just install Windows Services for Unix
> and start writing scripts for integration with NIS. It was a lot of
> work and unique to that environment at that point in time.
> <http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx>

> [Some selected quotes]
> "If you are in a unix only network and if you have a very minimal set
> of maps that you wish to administer ,NIS is still relevant and
> useful."

> "Well, what are the options?

> Files: suck for all the obvious reasons
> LDAP: obviously good for large sites and it might even interoperate
> with Windows, but, well, large sites, blah.
> NIS: security is a bit of a joke though can be made better. Easy to
> look after. You can cook your own maps with minimal effort. Won't talk
> to Windows easily. Flat namespace, scaling issues (but fine up to
> several hundred hosts, so long as flat namespace is OK).
> DNS: the right answer for hosts, obviously.
> (NIS+: dead.)

> Unless there are vast numbers of machines and/or serious Windows
> interoperability issues, I think NIS (with DNS for hosts) is a clear
> winner."

> I use quotes because other people say it better than I can.
> Like Chris Cox - pure gold...


Thanks!
That really helps.

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com



More information about the Discuss mailing list