Re: Seeking advice about auth/home serving

On Oct 15, 2008, at 9:51 AM, "Filipe Brandenburger" <filbranden@xxxxxxxxx> wrote:

Hi,

On Wed, Oct 15, 2008 at 06:05, Laurent Wandrebeck
<l.wandrebeck@xxxxxxxxx> wrote:
2008/10/15 Ian Forde <ian@xxxxxxxxxxxx>:
Without knowing more specifics, you could always try using the /net
automount... as in: /net/servername/data

It's ugly, and rarely used, but it works for small networks...

automount could do the trick, but it's ugly, as you said :)

automount is not ugly, what is ugly is to use paths that include the
name of the server, in that if you change the server name the path of
the files will change. This is also ugly because you end up having
cross-mounts, in which machine A mounts a volume from machine B and
machine B mounts a volume from machine A, so when you want to shut
them down they may hang one waiting for the other one to come up (and
with fstab instead of automount, you have the same problem when you
boot up).

Try to write your own auto mount maps that mount to descriptive mount points rather than server names:

/archive/00, /archive/01...


automount is actually quite a good tool if you really need to do this
kind of stuff, which in your case you will probably have to anyway.
The setup with automount is actually good in that volumes will be kept
mounted only while they're used (if you use a short enough timeout),
and in your case it seems that they will be seldom used, so you
would not have NFS mounted filesystems most of the time.

I sure recommend you to move from NIS to LDAP, for your network size
OpenLDAP should be good enough, but you may want to look into a
Directory Server if you want something more robust (although it will
be harder to set up). When you implement LDAP, make sure you implement
it over SSL if you don't want your passwords going unencrypted over
the network, or use LDAP for user information only and Kerberos for
authentication.

If all you're doing is serving up mount maps or netgroups then LDAP is overkill; definitely don't put passwords in NIS (or LDAP), use Kerberos for those.

A small user base can be handled more easily via NIS than LDAP; you don't need to put passwords in passwd, use Kerberos for those.


NFSv3 -> NFSv4 also looks good, but I would say this tends to be a
more risky upgrade, since NFS3 is quite stable and NFS4 is still
somewhat new and you may end up having some surprises with it.
Personally I will still stick with NFSv3 for a while.

For best interoperability use v3.

-Ross

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
