[CentOS] Seeking advice about auth/home serving
rswwalker at gmail.com
Wed Oct 15 14:14:17 UTC 2008
On Oct 15, 2008, at 9:51 AM, "Filipe Brandenburger" <filbranden at gmail.com> wrote:
> On Wed, Oct 15, 2008 at 06:05, Laurent Wandrebeck
> <l.wandrebeck at gmail.com> wrote:
>> 2008/10/15 Ian Forde <ian at duckland.org>:
>>> Without knowing more specifics, you could always try using the /net
>>> automount... as in: /net/servername/data
>>> It's ugly, and rarely used, but it works for small networks...
>> automount could do the trick, but it's ugly, as you said :)
> automount is not ugly, what is ugly is to use paths that include the
> name of the server, in that if you change the server name the path of
> the files will change. This is also ugly because you end up having
> cross-mounts, in which machine A mounts a volume from machine B and
> machine B mounts a volume from machine A, so when you want to shut
> them down they may hang one waiting for the other one to come up (and
> with fstab instead of automount, you have the same problem when you
> boot up).
Try to write your own auto mount maps that mount to descriptive mount
points rather than server names:
> automount is actually quite a good tool if you really need to do this
> kind of stuff, which in your case you will probably have to anyway.
> The setup with automount is actually good in that volumes will be kept
> mounted only while they're used (if you use a short enough timeout),
> and in your case it seems that they will be seldom used, so you
> would not have NFS mounted filesystems most of the time.
> I sure recommend you to move from NIS to LDAP, for your network size
> OpenLDAP should be good enough, but you may want to look into a
> Directory Server if you want something more robust (although it will
> be harder to set up). When you implement LDAP, make sure you implement
> it over SSL if you don't want your passwords going unencrypted over
> the network, or use LDAP for user information only and Kerberos for
If all you're doing is serving up mount maps or netgroups then LDAP is
overkill; definitely don't put passwords in NIS (or LDAP), use
Kerberos for those.
A small user base can be handled more easily via NIS than LDAP; you
don't need to put passwords in passwd, use Kerberos for those.
> NFSv3 -> NFSv4 also looks good, but I would say this tends to be a
> more risky upgrade, since NFS3 is quite stable and NFS4 is still
> somewhat new and you may end up having some surprises with it.
> Personally I will still stick with NFSv3 for a while.
For best interoperability use v3.
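
The kind of map the reply describes, as an added example that is not part of the original message: an autofs indirect map whose keys are descriptive names, so client paths stay the same when data moves to another server. The server names, export paths, the /data mount point, the timeout value and the mount options are assumptions.

```conf
# /etc/auto.master
# Hand /data to an indirect map and unmount idle volumes after 60 seconds
# (a short timeout, as discussed in the thread; the value is an assumption).
/data   /etc/auto.data   --timeout=60

# /etc/auto.data
# Keys are descriptive names, not server names. Contrast with the /net
# automount, where the path would be /net/nfs1.example.com/export/projects.
# nosuid,nodev keep setuid binaries and device nodes on an export from
# being honoured on the client.
# key       options                                  location (hypothetical)
projects    -rw,hard,intr,nosuid,nodev,nfsvers=3     nfs1.example.com:/export/projects
archive     -ro,hard,intr,nosuid,nodev,nfsvers=3     nfs2.example.com:/export/archive
```

Clients then use /data/projects and /data/archive; moving a volume to a different server means changing only the location column of the map.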