On Friday 30 January 2004 20:03 pm, Steven T. Hatton wrote:
I've never found time to focus on this topic, but I believe it is very important. I discovered automount purely by accident. It wasn't until I removed NIS that I learned that automount required NIS.
It doesn't. but works well with it. It may be a dependency, but automount (actually autofs) is independent of NIS. If you are thinking of using it then I'd reccomend getting the latest autofs4 from www.kernel.org.
I seem to recall that it does (did) not work with NIS+, or something like that. I'm trying to get all this straight in my head.
What are the various options available in SuSE 9.0 as regards NIS, NIS+, Automount, NFS, etc. I.e., what versions and variants are available, and how do they work together?
NIS+ is only available as a client - SFAIK there is no Linux server for it, only a Solaris one. Can't say any more about it that that... NIS works well, but you may need to hack the makefile to get it to distribute non-standard autofs maps. I simply added the necessary sections for my setup and it worked fine. There is no encryption on the passwords, so it shouldn't be used on an open or untrusted network. Also, you might need to consider which groups you map (I had to do some shenanigans to get GID uucp right so my client boxes can access serial devices.) Autofs3 doesn't (IME, YMMV) work well, especially with NIS. autofs4 (and I really do suggest getting the latest build) functions as described - I share all the autofs configs with NIS over 8 boxes without problems - but there are pitfalls which I'll happily help you with, or you can try the mailing list. NFS has some peculiarities - it doesn't co-exist well with reiserfs, no matter what people say about the problems being fixed. Security is basic to say the least, but if you configure it sensibly you should be safe on a closed network. It's not easy to get it running through NAT, to the extent that I wouldn't bother trying (again, YMMV.) Also, it's picky about whitespace in the /etc/exports file, and the file locking is not what it should be!
What are the advantages and limitations of each?
What kinds of security is available with each? Can the entire data transfer be encrypted?
Definitely not in the basic setups, but I suppose you could tunnel the connections over a secure link of some kind.
How. Can the authentication be encrypted or PKI based?
Not with NIS, and I don't know what PKI is. HTH Dylan
I know I could probably formulate more coherent questions. I'm just trying to get some discussion going. I know LDAP, DNS, and DHCP can also play into this topic, as can IPv6.
STH
-- "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin