On Monday, May 4, 2015, Lonnie Olsen wrote:
> NIS+ has been depreciated for reasons of security. LDAP (and
> occasionally Kerberos) are the new standard.

*shudder* Maybe I'll just stick with my method. It may be kludgy, but it's a HELL of a lot easier to implement than any LDAP lookup sequence I ever saw. Call it a mental block or a paradigm shift, but I've seen some LDAP queries, and setting them up with all the proper sections just makes me shudder thinking about it. I've already scripted a multi-machine setup method. It's ugly and kludgy, I freely admit. But to me it makes a _HELL_ of a lot more sense than LDAP ever COULD. I'm sure people will disagree with me, but the idea of setting up OpenLDAP to accept queries looking like "dn=this,ou=that,ou=other" and having to keep track of this, that, and the other honestly just SCARES me. LDAP is for people who are absolutely expert and can understand it. I have a very hard time understanding it.

I'll probably look at freeipa, just out of curiosity, but I don't foresee implementing that. Especially not on such a small project (six machines plus a server).

That simplistic alternative is basically what I already do, although not quite that simply (I may have to go that route). As it stands now, I run a "newuser" script and it calls useradd on the NFS root, then executes a call to the server and a script on the server handles the tasks on the server (like calling useradd on the server and setting a quota on the nfs partition).

Thanks for the tips.

--- Dan

On Mon, May 4, 2015 at 7:32 AM, Lonnie Olson <[email protected]> wrote:
> On Mon, May 4, 2015 at 4:50 AM, Dan Egli <[email protected]> wrote:
> > I was thinking I might just go for NIS+ or something, but I have absolutely
> > NO idea how to set anything like that up.
>
> NIS+ has been deprecated for reasons of security. LDAP (and
> optionally Kerberos) are the new standard.
> There are a million ways to implement them, but the easiest and
> feature complete I have found is using FreeIPA
> (http://www.freeipa.org).
>
> There is a more simplistic alternative. Automate a process to copy
> files (passwd,shadow,hosts,etc) to all machines involved. This can be
> done via basic scripting, or a config management tool (puppet, chef,
> ansible, cfengine, etc).
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
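
The "copy passwd to all machines" alternative from the quoted reply, sketched as an added example that is not part of the thread or anyone's actual script. It assumes regular accounts use UIDs 1000-59999; the function names are hypothetical. Rather than overwriting the local file, it takes only regular accounts from the master copy, so a bad or tampered master cannot add or alter a UID-0 or system account, and it replaces the local file only if the merge validates.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: regular (shared) accounts
# use UIDs 1000-59999; system accounts stay local to each machine.
UID_MIN=1000
UID_MAX=59999

# merge_passwd LOCAL MASTER
# Prints LOCAL's system accounts followed by MASTER's regular accounts.
# Returns non-zero if MASTER is malformed or reuses a local account name.
merge_passwd() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '
        src == "local" {
            # Keep only accounts outside the shared UID range.
            if ($3 < min || $3 > max) { seen[$1] = 1; print }
            next
        }
        # Master lines: reject anything that is not a 7-field passwd entry.
        NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ { exit 1 }
        # Ignore master entries outside the shared range (root, daemons),
        # so the master copy can never add or change a UID-0 account.
        $3 < min || $3 > max { next }
        # A shared account must not duplicate or take over an existing name.
        ($1 in seen) { exit 1 }
        { seen[$1] = 1; print }
    ' src=local "$1" src=master "$2"
}

# install_atomic SRC DEST MODE
# Copies SRC next to DEST, sets MODE, then renames over DEST so readers
# never see a half-written file.
install_atomic() {
    tmp="$2.new.$$"
    cp "$1" "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2" || {
        rm -f "$tmp"; return 1; }
}

# sync_passwd LOCAL MASTER: merge, and replace LOCAL only if the merge passed.
sync_passwd() {
    out=$(mktemp) || return 1
    rc=1
    merge_passwd "$1" "$2" > "$out" && install_atomic "$out" "$1" 644 && rc=0
    rm -f "$out"
    return $rc
}
```

This block handles passwd only; shadow would need the same filter keyed on account name and a stricter file mode.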
