On 01/28/2014 04:02 AM, Sorin Srbu wrote:
> Hi all,
>
> We're getting to a point in our linux environment where it's starting to be
> cumbersome to keep shadow and passwd-files up-to-date for the users to login
> on each computer. Scripts can only get us so far. 8-/
>
> I've looked a bit into central login systems for linux, and NIS and LDAP seem
> to be prevalent. NIS being the simpler-to-setup solution for small to medium
> networks as I understand it, while LDAP is the more modern and scalable
> solution.
> See eg http://www.yolinux.com/TUTORIALS/NIS.html or
> http://sysadmin-notepad.blogspot.se/2013/06/nis-server-setup-on-rhelcentos.html.
>
> NIS-wise, what is a "small to medium network"?
> We have currently about 20-30'ish linux clients and servers, and the
> environment is not likely to increase much beyond this point.
> Is a 30ish-computer setup, a small network?
>
> The only thing I'm trying to accomplish is a system which will allow me to
> keep user accounts and passwords in one place, with one place only to
> administrate. NIS seems to be able to do that.
>
> Comments and insights are much appreciated!

I used NIS for many years while working on Sun Solaris and it worked extremely well, although when it breaks it can be a real challenge to figure out the problems. I don't know how well it's implemented in Linux, bound to be a bit different than Solaris. In either case, if it's important, be aware of the potential security issues related to NIS, mainly the clear text passing of the password, which is what pretty much doomed it. Depending on how antsy your users get I would recommend a slave server as well; you might also consider using autofs to mount the users' homes.

The biggest potential problem that you might run into when you first implement NIS is to take a look at the uid of all the users on each host; you will need to ensure that they are the same before you start NIS or else it will be a mess for the users because they won't own their own files. With all of that said, I do think though that LDAP would be a better solution, although I've not used LDAP. Good luck with it either way.

Pete

--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
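
The UID consistency check recommended in the reply above, as an added example that is not part of the original message: it compares `/etc/passwd` contents collected from several hosts and reports users whose UID differs between hosts and UIDs that belong to different users. The host names, sample entries and the `min_uid=500` cutoff for regular accounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: /etc/passwd contents as collected from three hosts.
SAMPLE = {
    "hostA": "root:x:0:0:root:/root:/bin/bash\n"
             "alice:x:500:500::/home/alice:/bin/bash\n"
             "bob:x:501:501::/home/bob:/bin/bash\n",
    "hostB": "root:x:0:0:root:/root:/bin/bash\n"
             "alice:x:500:500::/home/alice:/bin/bash\n"
             "bob:x:502:502::/home/bob:/bin/bash\n"
             "carol:x:501:501::/home/carol:/bin/bash\n",
    "hostC": "# local accounts\n"
             "alice:x:500:500::/home/alice:/bin/bash\n"
             "carol:x:503:503::/home/carol:/bin/bash\n"
             "+::::::\n",  # NIS compat marker, must be ignored
}

def parse_passwd(text, min_uid):
    """Yield (name, uid) for regular accounts, skipping comments,
    malformed lines, NIS '+' markers and system UIDs below min_uid."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        uid = int(fields[2])
        if uid >= min_uid:
            yield fields[0], uid

def find_conflicts(passwd_by_host, min_uid=500):
    """Return (split_users, shared_uids).
    split_users: name -> {uid: [hosts]} where one name has several UIDs.
    shared_uids: uid -> {name: [hosts]} where one UID has several names."""
    by_name = defaultdict(lambda: defaultdict(set))
    by_uid = defaultdict(lambda: defaultdict(set))
    for host, text in passwd_by_host.items():
        for name, uid in parse_passwd(text, min_uid):
            by_name[name][uid].add(host)
            by_uid[uid][name].add(host)
    split_users = {n: {u: sorted(h) for u, h in uids.items()}
                   for n, uids in by_name.items() if len(uids) > 1}
    shared_uids = {u: {n: sorted(h) for n, h in names.items()}
                   for u, names in by_uid.items() if len(names) > 1}
    return split_users, shared_uids

if __name__ == "__main__":
    split_users, shared_uids = find_conflicts(SAMPLE)
    for name, uids in sorted(split_users.items()):
        print(f"user {name} has different UIDs: {uids}")
    for uid, names in sorted(shared_uids.items()):
        print(f"UID {uid} is used by different users: {names}")
```

Both reports need to be empty before the maps are built; after renumbering an account, files it owned under the old UID still have to be re-owned on each host.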