Subject: Re: NetBSD-Solaris86
To: David S. <davids@idiom.com>
From: David Brownlee <abs@netbsd.org>
List: netbsd-help
Date: 10/13/2003 12:15:37

On Sun, 12 Oct 2003, David S. wrote:
> > get Python stack handling running correctly on -current...). I'm
> > looking for help in developing some more automated cluster install
> > and management tools for NetBSD
>
> 'pkgsrc/sysutils/cfengine' might be useful here, at least for automated
> management.

Another (less sophisticated) option would be sysutils/rconfig,
if you prefer the 'push rdist trees' approach (but without having
to write rdist files to get per-host or OS-type files to take
precedence over common files).

> > (any experienced help looking for
> > a job?).
>
> (Feel free to drop me a line.)
>
> >
> > Essentially, I view NetBSD as the best non-Sun OS for complementing
> > Solaris in our environment, but what can be done about integrating
> > NetBSD with NIS+? Ideas appreciated.
>
> NetBSD systems can certainly be clients of an NIS+ server run in NIS
> compatibility mode. You'll lose some security running in that mode,
> however. NIS+ servers and clients do mutual authentication via
> public-key cryptography techniques, and the information from the
> various maps the server sends to the clients is encrypted. NIS/YP
> doesn't do any authentication - servers and clients implicitly trust
> one another - and all data are transferred in clear text. Also, if
> you're using hierarchical name spaces in NIS+, they may not work in
> NIS compatibility mode. I've only used flat name spaces in NIS+.
> You can, however, tunnel NIS through SSH (see
> http://www.math.ualberta.ca/imaging/snfs/), which could ameliorate
> the clear-text transfer problem.
>
> So for integrating NetBSD clients into NIS+, consider your security
> requirements. If you think your network is sufficiently trustworthy,
> run your servers in compatibility mode. Or just dump NIS+ for NIS/YP,
> possibly with SSH tunneling. (It'd probably work with 'stunnel', too).

Does Solaris support IPsec? If so, that might be a good way to
secure the NIS (and any other RPC) traffic.

--
David/absolute -- www.netbsd.org: No hype required --