[NTLUG:Discuss] NIS

[Chris Cox]

Leroy Tennison wrote:
> I heard something at work that I haven't been able to find an answer to 
> easily via Google so I'm looking for someone who knows.  What I heard 
> was that, if you didn't run nscd, it effectively disabled the NIS 
> client.  Something about that doesn't sound quite right to me but I've 
> never worked with NIS so I'd rather ask that assume something.  The 
> context was Solaris but it raises the general question as to whether a 
> caching mechanism has an impact on services such as NIS (and maybe 
> others like it).

You do NOT need nscd.  In fact, it cause some behaviors you might not
like.  Since nscd caches NIS maps, that means it cache the passwd map
(arguably the main benefit of the caching nowadays).  While this can
greatly speed up user/group lookups (which are done almost constantly on
any system), it also caches the password hash.  So when a user changes
their password, the change is NOT done immediately on NIS clients for
which the entry is already cached (causing some frustration until the
cache is expired).

> 
> A related question, what's the best way to insure that NIS client 
> functionality is disabled (that's the goal)?  I realize that with *NIX 
> there's probably a half dozen ways to accomplish this so I'll clarify a 
> bit: What's the optimum method as far as ease of implementation without 
> too much risk that an inadvertent configuration "oops" would nullify it?

/etc/init.d/ypbind stop
To stop ypbind immediately.

Remove ypbind from the init startups.

Uninstall ypbind.

Also, in many cases simply removing nis from your /etc/nsswitch.conf
will disable quite a bit (if not everything), though you'll still be
bound, just the info won't be used anymore.

> 
> Thanks for your help.
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
> 
>