Am 2022-02-04 12:32, schrieb Thorsten Kukuk:
Hi,
I think it's time to retire NIS.
I disagree. NIS still works, and does what it is supposed to.
The current code is now over 25 years old, and the protocol had already 25 years ago big drawbacks. Which SUN tried to solve with NIS+, but that wasn't really successful.
Which leads to the problem that the few NIS users run more and more into problems, since NIS doesn't fit anymore together with current network technologies, security requirements and in general modern technologies like Container and k8s.
I can't really confirm that. I have my network here based around a nis+autofs+nfs setup, and everything including "barebone" containers on several hosts and my K3s are playing along just fine.
Additional quite some of the features don't work anymore in most networks or at all and we had to patch several core libraries so that NIS can still work.
RPC itself, the base service, also has many limitations and was never designed for current network technologies and is creating more and more problems today. So the increasing work is not because of bugs in the code, but because the technology around changed incompatible.
My plan is: - drop ypserv from Factory
Not without a replacement, please.
- remove our own changes for NIS from the code - drop ypbind/yp-tools/libnss_nis/... from Factory
And what is going to be the replacement? Will there be something included in Leap/TW that is easy to use? Like, FreeIPA?
Of course, the code will still exist in the network:NIS devel project and continues to stay there, at least as long as it works without major efford. But we will not revert new changes in core libraries only to keep NIS working. And we will of course not patch upstream tools having NIS support like the dhcp server and clients, but you will have to configure this yourself.
So if you are still using NIS, you should think about switching to something more modern and secure, e.g. LDAP.
You mean, run a fullsized IPA server just because I want to hand out a few userIDs and automounter maps? Please provide FreeIPA early enough before dropping NIS. There are packages in security:idm but I haven't tried them yet. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org xmpp: lemmy@tuxonline.tech matrix: @mathias:eregion.de irc: [Lemmy] on liberachat and ircnet obs/pmbs: lemmy04 gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102