[CentOS] Seeking advice about auth/home serving

[Filipe Brandenburger]

Hi,

On Wed, Oct 15, 2008 at 06:05, Laurent Wandrebeck
<l.wandrebeck at gmail.com> wrote:
> 2008/10/15 Ian Forde <ian at duckland.org>:
>> Without knowing more specifics, you could always try using the /net
>> automount... as in: /net/servername/data
>>
>> It's ugly, and rarely used, but it works for small networks...
>
> automount could do the trick, but it's ugly, as you said :)

automount is not ugly, what is ugly is to use paths that include the
name of the server, in that if you change the server name the path of
the files will change. This is also ugly because you end up having
cross-mounts, in which machine A mounts a volume from machine B and
machine B mounts a volume from machine A, so when you want to shut
them down they may hang one waiting for the other one to come up (and
with fstab instead of automount, you have the same problem when you
boot up).

automount is actually quite a good tool if you really need to do this
kind of stuff, which in your case you will probably have to anyway.
The setup with automount is actually good in that volumes will be kept
mounted only while they're used (if you use a short enough timeout),
and in your case it seems that they will be seldomly used, so you
would not have NFS mounted filesystems most of the time.

I sure recommend you to move from NIS to LDAP, for your network size
OpenLDAP should be good enough, but you may want to look into a
Directory Server if you want something more robust (although it will
be harder to set up). When you implement LDAP, make sure you implement
it over SSL if you don't want your passwords going unencrypted over
the network, or use LDAP for user information only and Kerberos for
authentication.

NFSv3 -> NFSv4 also looks good, but I would say this tends to be a
more risky upgrade, since NFS3 is quite stable and NFS4 is still
somewhat new and you may end up having some surprises with it.
Personally I will still stick with NFSv3 for a while.

HTH,
Filipe