Jack Barnett wrote:
> 
> For the last while year _everything_ (web server, smtp/pop3 server, shell
> access, radius, etc) has been run off of one Sparc station 20 running
> Solaris.  The problem with this, is that there is too much for this sun
> machine to handle, the loads get real high and is not good.
> 
> What I want to do, is for the time throw a Linux box in here to take over
> 1/2 the work so it provides faster and more steady services.  The problem
> is, there are over 2000 users on the system, and there is really an option to
> take the server down.
> 
> What I wanted to do is make the Linux box into a mail server running
> sendmail and pop3, this is where about half the load on the machine is, it
> would really free a lot of resources on the Sun machine if this was taken
> off and a either dual pent pro 200MHZ or pentIII with 256 RAM scsi linux
> system should be able to provide 2000 users with sending/receiving email
> (right?).
> 
> The thing is, if you send [EMAIL PROTECTED], the mx record points it to the
> linux boxes, the linux will say "user bob not found" since the linux and sun
> box have different /etc/passwd files.  So there has to be a secure way
> to sync the sun /etc/passwd (and /etc/shadow) file to the linux /etc/passwd
> file, so they could receive mail on the linux box as well as pick it up
> through pop3.  Also might have to sync the radius users file to the linux
> radius users file.  Have sort of the Solaris box as the "master" and linux
> box as the "slave" mail server off of it.
> 
> I have been looking into NIS+ and OpenLDAP and not sure which would be
> better suited at this job.
> 
> I won't really need NFS since the Linux box has a couple 10,000RPM scsi
> Cheetah drives connected up and has really good i/o and the solaris box has
> been running into i/o bottlenecks just because there is too much stuff on it.
> Also the machine won't be in the same place, they will be connected via
> direct line, so NFS isn't really needed here and would be more of a
> degradation in performance most likely.
> 
> I was wondering if I was going about this right?  Would Sun NIS+ be
> compatible with Linux NIS? Does OpenLDAP work with Solaris 2.3?  What is
> more suited for this job?  Also everything would have to be encrypted
> between the 2 since the connection between them won't be considered
> "trusted", it is probably safe, but I won't want to take any chances.  Also
> there would have to be a further option available to throw a 3rd or even 4th
> unix box in here if after time 2 boxes can't handle the load.
> 
> Has anyone done anything like this before?  The only experience I have is most
> everything is run off 1 single unix box that does or tries to do everything.
> 
> Got any good docs that could go into detail and theory about this?
> 
<snip>

If you don't want to use NIS (unencrypted) and it does not matter if the
/etc/passwd's are out of sync for some time (about an hour or so), then
you can periodically copy the files via scp, part of ssh. You must then
restrict changes to these files to the master, or find a way to merge the
changes with diff and patch (ugly).

The other option I see is to use NIS and employ an encrypted tunnel (a
mini-VPN) between the Sun and the Linux box. IPSec comes to mind, but
have a look at (originally) Sun's Skip (an implementation of which is
available for Linux as enskip). This option is only fine when the
regular traffic _between_ the two boxen is low (ideally only NIS),
because the encryption will eat CPU time.

Have a look at my HOWTO (see below), if you need further information on
IPSec or ENSkip. It provides at least the URLs to further docs that I
do not have handy.

Marc

-- 
Marc Mutz <[EMAIL PROTECTED]>        http://marc.mutz.com/Encryption-HOWTO/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's:   0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)
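
The periodic scp copy suggested in the reply, sketched as an added example that is not part of the original thread. Rather than overwriting the Linux box's /etc/passwd wholesale, it keeps the local system accounts and takes only regular users from the master, refusing a truncated or malformed copy. The host alias `sunmaster`, the `pwsync` account, the staging directory and the UID range are assumptions.

```shell
#!/bin/sh
# Added example: slave-side merge for an hourly scp copy of the master's passwd.
# Assumed (not from the thread): host alias "sunmaster", account "pwsync",
# staging dir /var/lib/pwsync, and regular users in UID range 1000-59999.
MIN_UID=1000
MAX_UID=59999

# merge_passwd MASTER_COPY LOCAL_FILE
# Prints local entries outside the UID range, then master entries inside it.
# Exits non-zero if the master copy is empty, malformed or has name clashes.
merge_passwd() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        function synced(uid) { return uid + 0 >= min && uid + 0 <= max }
        # Test FILENAME, not NR == FNR: with an empty (truncated) master copy
        # NR == FNR would treat the local file as if it were the master.
        FILENAME == ARGV[1] {
            if (NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) { bad = 1; exit }
            if (synced($3)) {
                if ($1 in seen) { bad = 1; exit }      # duplicate login name
                seen[$1] = 1; users[++n] = $0
            }
            next
        }
        !synced($3) {
            if ($1 in seen) { bad = 1; exit }          # master user reuses a local system name
            sys[++m] = $0
        }
        END {
            if (bad || n == 0) exit 1
            for (i = 1; i <= m; i++) print sys[i]
            for (i = 1; i <= n; i++) print users[i]
        }
    ' "$1" "$2"
}

# sync_once: fetch over ssh, merge, replace /etc/passwd atomically (root, from cron).
sync_once() {
    stage=/var/lib/pwsync
    scp -q -B pwsync@sunmaster:/etc/passwd "$stage/passwd.master" || return 1
    if merge_passwd "$stage/passwd.master" /etc/passwd > /etc/passwd.new; then
        chmod 644 /etc/passwd.new && mv /etc/passwd.new /etc/passwd
    else
        rm -f /etc/passwd.new; return 1
    fi
}
```

This covers /etc/passwd only; /etc/shadow has no UID field, so its entries would have to be selected by the login names kept here.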


