My experience has taught me that YP is fine if configured correctly and
with sufficient slaves per subnet. I have used it in networks of several
hundred hosts in the past with no problem.

Putting aside the security issues it's a fine solution for an internal
network in a commercial environment. Security really _is_ a whole other
discussion here. Suffice to say that you shouldn't use NIS in any
situation where you care about protecting access to your hosts, at least
not without thorough understanding and investigation (e.g. not in DMZ
hosts or publically facing, not on high security servers, etc...)

I have tended not to use NIS for hosts information now though, preferring
to rely on DNS for that.

a solution using rdist is of course better, but sometimes requires more
work than a novice or even an intermediate administrator would be capable
of, and it certainly isn't working 'out of the box'

Cheers,

Al


On Tue, 16 Dec 2003, Anthony A. D. Talltree wrote:

>Date: Tue, 16 Dec 2003 13:52:47 -0800 (PST)
>From: Anthony A. D. Talltree <aad@verio.net>
>To: netbsd-help@netbsd.org, Mauricio <supremedalek@hotpop.com>
>Subject: Re: [Suns-at-Home] Housecleaning
>
>> For instance, take /etc/hosts: should I use
>>NIS/YP so I have to change only one file?
>
>My experience has taught me that YP is simply evil.  I find that in
>general rdist 6 obviates it.
>