[CentOS] CentOS 8 NIS

Sun Apr 12 09:46:57 UTC 2020
Pete Biggs <pete at biggs.org.uk>

> Yes, let me validate Mr. Kovacs comment.  I am aware of the shortcomings 
> of NIS in the area of security.  Let me provide some information on the 
> topography of my network and my reasoning for choosing NIS/NFS.  Perhaps 
> an alternative may be suggested to meet my needs without totally 
> confounding me when it comes to configuration. 

The good thing about YP/NIS is that it's simple - if all you want is
for your clients to get user info it is ideal. Unfortunately it was
designed in a time when passwords were hard to crack and "script
kiddie" was a yet to be invented term. Some of my systems still use
NIS+. but they are isolated and legacy.


> 
> Now that I've bored you to tears, are there any suggestions as to what I 
> should use as a replacement for NIS/NFS for sharing and mounting of 
> /home directories on the other three machines on my network?  Consider 
> that you are probably going to end up holding my hand in this endeavor 
> so choose something that you would want to configure and use.
> 
I think your best bet is to see what's supported in sssd - that will at
least give you some hope of getting some level of consistency. Pick
something that takes your fancy and isn't too complex. TBH you are
probably going to settle on some implementation of LDAP - probably
OpenLDAP - yes, I know you've tried it before, but it should work.
Configuring the clients to use LDAP via SSSD is not a problem; your
issue is going to be setting up the LDAP server. It's a long time since
I've done it so I'm not a person to hand hold, but your needs are
simple and there will be plenty of tutorials and guides and how-to's
out there to step you through the process. Once the LDAP server is
setup you basically never have to touch it - all configuration is done
through processes interacting with the server, including provisioning
accounts and so on - even the initial configuration is done by talking
to the server.

There are other options than LDAP, and servers other than OpenLDAP, but
LDAP is the de facto standard.

P.