[CentOS] Odd issue with C6 and NIS

Thu Oct 6 21:31:45 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 6 Oct 2011, Steve Rikli wrote:

> So, back to my original example of automount maps (which I've long thought
> about implementing in LDAP but never pursued), how do you deal with the
> situation of needing map(s) loaded, without an active user on the system
> to authenticate the LDAP query with their username/password?

> That is, NIS clients bind to the NIS server, and thereby have access to
> auto.home map or what have you, whether a user ever logs into the client
> system or not.  Automounter is functional and has the map data.

You need an account that can do lookups.  Either you have one 'lookup' account
that you share between multiple machines, or you do it AD style and have an
account per machine.  As I do it, this auth is done with a kerberos keytab
credential with GSSAPI.

> What's the functional equivalent for LDAP automount maps?

Automount maps work just nicely in LDAP, there's a standard schema and you
just populate the records and it works.