Ken Rossman wroteI don't even think there is any need for NIS anymore in an environment where LDAP lives.
Right. I should have said (LDAP|NIS) and NFS. The only reason I say NIS is
there's lots of folks out there with lots of NIS experience that may or may
not have LDAP experience. It's easy to leverage them to get user
authentication and automount doing the Right Thing(tm).
And I should amend what I said as well, since the environment I am working
on converting right now HAS to be NIS/LDAP/NFS for a little while until
I can get the Solaris machines there upgraded to Solaris 9 (from S7).
I don't believe (though I am really not sure) that S7 supported LDAP
in the general sense, so S8 or S9 would be a better choice. Now, of
course, the topic was/is Linux environments, but in case there are other
Unix machines in the mix, these are considerations.
One other gotcha I ran into, by the way, was that a centralized password authentication scheme could run into trouble when there were Sun/Solaris machines in the mix that were earlier than Solaris 9. The reason is that MD5 encryption (and someone correct me if I am wrong about this) is what Linux (and other systems these days) are using for password encryption, and Solaris, earlier than S9, did not offer the option to plug in alternate encryption such as MD5 ("crypt" is apparently the default -- I am still learning about this).
In any case, before you go with a global authentication scheme, make
sure all of your clients and servers can use the same style of encryption
for the passwords.
K
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list