NIS - "Could not read ypservers map" during "make"
pll at lanminds.com
Wed Jun 18 11:11:05 EDT 2003
>>>>> On Wed, 18 Jun 2003, "ken" == ken at flyingtoasters.net wrote:
+> My copy of "Managing NFS and NIS", by Hal Stern, page 23, says
+> that the NIS master should not include the "+::::::" entry in the
+> /etc/passwd file. On page 26, it states that NIS clients must
+> have that entry.
ken> Adding the "+" stuff to the passwd file does not make you a
ken> client; executing ypbind (successfully) does. The "+" stuff
ken> makes the client _able_ to append NIS info to the passwd info;
ken> you can certainly leave that off for thems who wish to restrict
ken> access.

The '+' stuff only works if you've set 'passwd', 'shadow', and/or
'groups' to "compat" in /etc/nsswitch.conf.

YP *Master* servers do not need to be clients, but you must configure
its /etc/nsswitch.conf file appropriately so that it looks in the
correct places for things. Actually, now that I think of it, you
might need to bind a master to itself so that it can read the
'ypservers' map in order to distribute the NIS maps to the slave
servers. Though, for some reason, I thought the NIS makefile took
care of that by basically doing a "for in `cat ypservers`"
(It's been a long time since I've set up a yp master server :)

ken> if I were starting from scratch, and had to choose to learn
ken> one of the above (NIS, NIS+, LDAP), I'd probably go with LDAP:
ken> it's more flexible, and allows for all sorts of password
ken> synchronization and the like. Handy. On top of that, its
ken> failover (I'm doing it via round-robin DNS) makes NIS'
ken> "failover" look like the joke it is.

While I agree with this sentiment in general, I think I'd rather use
NIS. Despite how insecure and flawed it is, I'm finding LDAP to be a
huge beast. LDAP is as flexible as the X Window system is. It is
all things to all people at all times under any given condition. As
a result, trying to understand how to do one thing with LDAP is not
overly difficult, but trying to do several things with LDAP gets very
confusing very quickly. My impression is that if you don't set up
LDAP from the very beginning to do everything you want it to,
changing its configuration after the fact is going to be extremely
painful.

At least with NIS, it's a known quantity, it does one thing and it
does it adequately. If you have the luxury of existing in an all
UNIX environment, NIS is the way to go if you have to (though, both
Derek and I can make a *really* strong case for a distributed,
flat-file based environment built upon rsync and ssh to overcome the
major problems with NIS :)

So, Ben, does this philosophical discussion in any way help you fix
your computer ;)

--
Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!
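
The dependency discussed in this message, that a "+" entry in a flat file only takes effect when the matching database is set to "compat" in /etc/nsswitch.conf, can be audited mechanically. The script below is an added example, not part of the original post; its function names and sample files are constructed for illustration, and the database names passed in (`passwd`, `group`) are the keys as they appear in nsswitch.conf.

```shell
#!/bin/sh
# Added example; the sample files written by make_samples are constructed.

# nss_sources DB NSSWITCH: print the source list configured for DB.
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, "")                       # strip trailing comments
          i = index($0, ":"); if (i == 0) next
          name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
          if (name == db) { print substr($0, i + 1); exit } }' "$2"
}

# plus_lines FILE: print comma-separated line numbers of "+" entries.
plus_lines() {
    awk '/^\+/ { printf "%s%d", sep, NR; sep = "," }' "$1"
}

# check_plus DB NSSWITCH FILE: print a one-word verdict.
#   active          "+" entries present and DB uses compat (NIS data merged)
#   compat-unused   DB uses compat but FILE has no "+" entries
#   not-interpreted "+" entries present but DB does not use compat
#   none            neither
check_plus() {
    plus=$(plus_lines "$3")
    case " $(nss_sources "$1" "$2" | tr '\t' ' ') " in
        *" compat "*) compat=yes ;;
        *)            compat=no ;;
    esac
    if [ "$compat" = yes ] && [ -n "$plus" ]; then echo active
    elif [ "$compat" = yes ]; then echo compat-unused
    elif [ -n "$plus" ]; then echo not-interpreted
    else echo none
    fi
}

# make_samples DIR: write constructed nsswitch.conf, passwd and group files.
make_samples() {
    printf '%s\n' 'passwd: compat' 'group:  files nis  # no compat here' \
        > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' '+::::::' > "$1/passwd"
    printf '%s\n' 'root:x:0:' '+:::' > "$1/group"
}

d=$(mktemp -d) && make_samples "$d"
for db in passwd group; do
    echo "$db: $(check_plus "$db" "$d/nsswitch.conf" "$d/$db")"
done
rm -rf "$d"
```

On a real host, run `check_plus passwd /etc/nsswitch.conf /etc/passwd` (and the same for `group`); an `active` verdict on a machine that is not meant to import NIS accounts is worth investigating.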