[NTLUG:Discuss] NIS no longer developed?

Tom Adelstein adelste at netscape.net
Wed Aug 6 13:23:38 CDT 2003 


cjcox at acm.org wrote:
> Tom Adelstein wrote:
> 
>>
>>
>> cjcox at acm.org wrote:
>>
>>> Neil Aggarwal wrote:
>>>
>>>> Hello all:
>>>>
>>>> If I look at the Linux NIS homepage, it looks like the product
>>>> is no longer being developed.  Is that true?
>>>
>>>
>>>
>>>
>>> Probably not developed since it is complete.  Where do you think it
>>> needs to go?  Granted an good automounter still needs
>>> some development work, but that's a side tool often integrated
>>> with NIS deployments... but not a part of NIS.
>>>
>>>>
>>>> If so, what replacement are people using to centralize
>>>> password management in a mixed environment (Linux and
>>>> Windows)?
>>>
>>>
>>>
>>>
>>> IMHO, NIS works, and the others don't.  Oh.. you can
>>> spend several months getting OpenLDAP to work, but
>>> certainly not across the enterprise (all Unix/Windows/etc.)
>>> and the schemas are under HEAVY flux and will continue
>>> to be so for at LEAST another year or so (that from
>>> Gerald Carter).  Vendors are still trying to 0wn LDAP
>>> instead of working on interoperability.  If you're
>>> all Linux... then you're choices are wide open... if
>>> you're a mixed environment, then I prefer NIS + Samba + PAM + ssh
>>> for single sign on and single platform account management without
>>> the primary NIS security flaw (exposed DES encrypted
>>> passwords).
>>>
>>> Anyone who has gone through the pains of LDAP conversion
>>> more than once (due to the schema changes) will tell you
>>> they're sick of the changes.  Would be nice to see things
>>> settle down, but even then, will it integrate seemlessly
>>> with Microsoft Active Directory??
>>>
>>> LDAP... new technology, many security flaws, immature.
>>> Anyone recommending this over NIS hasn't really analyzed
>>> the tech too closely.
>>>
>>> I probably stand alone in this boat in the Linux community.
>>>
>>> Regards,
>>> Chris
>>>
>>>
>>> _______________________________________________
>>> https://ntlug.org/mailman/listinfo/discuss
>>
>>
>>
>> Chris,
>>
>> I recognize your extensive expertise in this area.
>>
>> I just have a problem with your absolutes "anybody" "immature" 
>> especially in light of the IMHO (in my humble opinion).
> 
> 
> Yep.. I went to OpenLDAP school under Gerald Carter at Usenix
> for the very reason of determining if it was baked yet...
> conclusion: smelling good, but not quite done.  Lots of
> frustrated attendees talking about having to do yet another
> schema migration to support the new definitions.
> 
>>
>> I've developed in places where LDAP works fine and the admins love it.
> 
> 
> Sun <-> Sun ... works great.. they 0wn the technology.
> 
> Linux <-> Linux  ... can work great, but requires some work unless
> all Linux use the same dist.
> 
>>
>> I've suggested NIS in other places and the people hated it.
> 
> 
> Haven't seen an LDAP yet that does Windows/Linux/HPUX/Solaris/AIX
> without jumping through major hoops (hoops which  to me are
> just as painful as account replications.. and in many cases,
> what I've seen done is effectively account replication when
> you get right down to it).
> 
> I'm surprised about the NIS difficulties... it's pretty
> simple.
> 
>>
>> Afterall, you like SuSE. How can anyone really trust your opinion?
>>
>> (Joking...joking...joking). <grin><grin><grin>.
>>
>> The only thing I'm saying is that I've seen lots of different opinions 
>> on it.
>>
>> Personally, I like NIS in smaller environments.
> 
> 
> Granted, I have not tried an implemenation into the 1000's of users.
> Most of mine involve hundreds of users.  Usually site autonomy
> comes into play, so I haven't had to worry about the difficulties
> of wide area account management.  But LDAP should have some of
> the very same issues that NIS has with that... and in some cases the
> problems will be worse (much worse).
> 
> My presentation materials do mention that LDAP is the "future"...
> but I'm not so sure now.  It's possible that it will be the
> future, but right now, it's definitely going through some
> of the very same birth pains that older technologies have
> already addressed or at least have talked about for many, many
> years.  I just surprises me to see a "new" technology
> repeating old mistakes... well.. perhaps "surprise" is too
> strong of a word.
> 
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list