[CentOS] NIS or not?

Pete Geenhuizen pete at geenhuizen.net
Tue Jan 28 13:12:16 UTC 2014


On 01/28/2014 04:02 AM, Sorin Srbu wrote:
> Hi all,
>
> We're getting to a point in our linux environment where it's starting to be
> cumbersome to keep shadow and passwd-files up-to-date for the users to login
> on each computer. Scripts can only get us so far. 8-/
>
> I've looked a bit into central login systems for linux, and NIS and LDAP seem
> to be prevalent. NIS being the simpler-to-setup solution for small to medium
> networks as I understand it, while LDAP is the more modern and scalable
> solution.
> See eg http://www.yolinux.com/TUTORIALS/NIS.html or
> http://sysadmin-notepad.blogspot.se/2013/06/nis-server-setup-on-rhelcentos.html.
>
> NIS-wise, what is a "small to medium network"?
> We have currently about 20-30'ish linux clients and servers, and the
> environment is not likely to increase much beyond this point.
> Is a 30ish-computer setup, a small network?
>
> The only thing I'm trying to accomplish is a system which will allow me to
> keep user accounts and passwords in one place, with one place only to
> administrate. NIS seems to be able to do that.
>
> Comments and insights are much appreciated!
>
I used NIS for many years while working on Sun Solaris and it worked 
extremely well, although when it breaks it can be a real challenge to 
figure out the problems.
I don't know how well it's implemented in Linux, bound to be a bit 
different than Solaris.  In either case if it's important be aware of 
the potential security issues related to NIS, mainly the clear text 
passing of the password which is what pretty much doomed it.

Depending on how antsy your users get I would recommend a slave server as 
well, you might also consider using autofs to mount the user's homes.

The biggest potential problem that you might run into when you first 
implement NIS is to take a look at the uid of all the users on each 
host, you will need to ensure that they are the same before you start 
NIS or else it will be a mess for the users because they won't own their 
own files.

With all of that said I do think though that LDAP would be a better 
solution although I've not used LDAP.

Good luck with it either way.

Pete


-- 
Unencumbered by the thought process.
  -- Click and Clack the Tappet brothers
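
The UID check recommended above, sketched as an added example (not part of the original message): it compares /etc/passwd contents gathered from each host and reports login names with different UIDs and UIDs shared by different names. The host names, sample entries and the uid_min=500 cutoff for regular accounts are assumptions.

```python
"""Pre-NIS check: report accounts whose UID differs between hosts."""
from collections import defaultdict

# Constructed sample input: /etc/passwd contents collected from three hosts.
SAMPLE = {
    "ws01": "root:x:0:0:root:/root:/bin/bash\n"
            "alice:x:500:500::/home/alice:/bin/bash\n"
            "bob:x:501:501::/home/bob:/bin/bash\n",
    "ws02": "root:x:0:0:root:/root:/bin/bash\n"
            "bob:x:500:500::/home/bob:/bin/bash\n"
            "alice:x:501:501::/home/alice:/bin/bash\n",
    "srv01": "alice:x:500:500::/home/alice:/bin/bash\n"
             "carol:x:502:502::/home/carol:/bin/bash\n"
             "+::::::\n",
}

def parse_passwd(text, uid_min=500):
    """Yield (name, uid) for regular accounts; uid_min=500 is an assumption."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip comments, NIS compat entries (+/-) and malformed lines.
        if line.startswith(("#", "+", "-")) or len(fields) != 7:
            continue
        if fields[2].isdigit() and int(fields[2]) >= uid_min:
            yield fields[0], int(fields[2])

def find_conflicts(passwd_by_host, uid_min=500):
    """Return (split_users, shared_uids) across all hosts."""
    uids_of = defaultdict(lambda: defaultdict(list))   # name -> uid -> hosts
    names_of = defaultdict(lambda: defaultdict(list))  # uid -> name -> hosts
    for host in sorted(passwd_by_host):
        for name, uid in parse_passwd(passwd_by_host[host], uid_min):
            uids_of[name][uid].append(host)
            names_of[uid][name].append(host)
    # One login name mapped to several UIDs: files change owner after the merge.
    split_users = {n: dict(m) for n, m in uids_of.items() if len(m) > 1}
    # One UID used by several names: one user would own another's files.
    shared_uids = {u: dict(m) for u, m in names_of.items() if len(m) > 1}
    return split_users, shared_uids

if __name__ == "__main__":
    split_users, shared_uids = find_conflicts(SAMPLE)
    for name, by_uid in sorted(split_users.items()):
        print(f"user {name}: " + ", ".join(
            f"uid {u} on {'/'.join(h)}" for u, h in sorted(by_uid.items())))
    for uid, by_name in sorted(shared_uids.items()):
        print(f"uid {uid}: " + ", ".join(
            f"{n} on {'/'.join(h)}" for n, h in sorted(by_name.items())))
```

Both results being empty means every regular account has the same UID on every host that was checked.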