At Thu, 17 Dec 2009 15:43:25 -0800, "Aaron J. Grier" <agrier%poofygoof.com@localhost> wrote: Subject: YP alternatives > > On Wed, Dec 16, 2009 at 03:24:23PM -0500, Greg A. Woods wrote: > > At Wed, 16 Dec 2009 23:53:09 +0700, Robert Elz > > <kre%munnari.OZ.AU@localhost> wrote: > > > Unlike printf(), malloc() etc, I think YP is worth being trashed. > > > Its usefulness is zero, which really is limited. But never mind... > > > > Indeed. I turned off USE_YP and MKYP after I turned off my last running > > SunOS-4 machine many years ago, and I have not looked back. > > what are my options for centralized (or distributed) user/login > credentials across a group of NetBSD-running machines aside from YP? That's a good question! My answer is that "It Depends". :-) What I've done in the past for sites where managing accounts on multiple machines grows beyond the abilities of any sane administrator to use "cut&paste" style management is to use a central management system of some kind, or even just to do all management on one core system directly in the normal ways (vipw, etc.), and then on all other systems I set up scripts which regularly pull necessary information from the central system (or database) and automatically update their password files, config files, etc. Some of this can be done with existing tools even, such as cfengine. Push-style updates work well too, depending on the specific needs of the site and the systems in question. I really don't like the idea, any more, of using real-time network access to control authentication and authorisation, but then I haven't had to deal with sites with hundreds or thousands of machines which need to have consistent A&A either in many years, and back then I did use YP. I suppose Kerberos could still be a viable solution -- it's a heck of a lot better in design (and I think implementation), than YP/NIS is, and it's even got hints of covering more platforms than just Unix-like ones too. -- Greg A. Woods Planix, Inc. <woods%planix.com@localhost> +1 416 218 0099 http://www.planix.com/
Attachment:
pgpf2Qf43iuxC.pgp
Description: PGP signature