NIS and NIS plus

From: Lucio Chiappetti <lucio_at_ifctr.mi.cnr.it>
Date: Tue, 20 Jan 1998 17:43:28 +0100 (MET)

We are going to migrate our Sun machines (including NIS server) from SunOS 4
to Solaris 2 and I'm wondering about the implications for our Alphas.

BTW, I am posting to both the Alpha and Sun lists. Since I do not know the
policy of the latter, nor am I subscribed, please send replies by e-mail to
me, and I will summarize to both lists.


Our institute configuration at the moment is the following :

  - one Sun (SunOS 4.1.x) as DNS server and master NIS server
  - a number of DEC Alpha (DU 3.2) as NIS clients
  - a number of Suns (SunOS 4.1.x) as NIS clients

The Alphas access "hosts" information on the DNS server (actually, the entry in
svc.conf is hosts=local,bind,yp) and all other maps from NIS.

The Suns access "hosts" information in the standard SunOS way (which I believe
is DNS forwarding by the NIS server). In particular while we list all our
machines in the SOA file of the DNS, we've found that workstations needed by a
Sun NFS export or mount have to be in the NIS maps.

There are four of us doing maintenance of maps. We change often only hosts
(SOA and NIS), passwd and "aliases" files, and seldom "services". To do this
we telnet from our machines on the NIS/DNS server as root (or as ourselves and
su root), do the editing, and then either kill -HUP the named or cd /var/yp
and make.

Most of our machines have the same root password (and NFS root access). There is
a group of machines with a different root password, and no NFS root access.
Different people than us care about those, but we do all changes to NIS passwd
and aliases for them centrally.


We are now going to move our Suns from SunOS to Solaris (2.5). I have read
most of the manuals (the transition guide and the NIS, DNS, etc. manuals)
but that left me with a lot of doubts about what is the easier and better
way because of the NIS vs NIS plus issue :

  - solution A would be to :
      . have a Sun being a NIS plus server in NIS compatibility mode
        and at the same time being DNS server
      . leave the Alphas as NIS clients (what else can I do)
      . make the Suns as NIS clients

  - solution B would be as solution A, but with the Suns as NIS plus
    clients

 (in both cases one of the Suns should be a replica NIS plus server, and
  therefore a NIS plus client ; I also plan to add a DNS secondary on
  one of the Alphas, we already have a secondary off-lan on our parent
  domain)



(*) ALPHA-specific question

    Any problem I should be aware of for an Alpha NIS client of a Solaris
    NIS plus server with NIS compatibility mode ?

    In particular I do NOT need to configure the NIS plus server for
    DNS forwarding (-B), the Alphas will contact the DNS server directly
    because of my svc.conf. Correct ?


(*) Sun-specific question

    Any contraindication to solution B (minimizes changes and security
    complications, we already have a test machine with Solaris as NIS client,
    with hosts: files dns in nsswitch.conf) ?

    In particular do I need to configure the NIS plus server for DNS
    forwarding (-B) ? I assume not, because all the Suns will be running
    Solaris 2, not SunOS 4, Correct ?

    So I can effectively get rid of the hosts NIS map, and use only DNS
    to distribute hosts information at last !


(*) general questions

    It is clear to me that one can populate NIS plus tables from preexisting
    files or NIS maps at the very beginning. But what then ?

    If I am running NIS compatibility mode, are the maps in /var/yp used
    for initial population to be kept ? can they be deleted ? will they
    be maintained by the server, or does it just "translate" NIS plus tables for
    NIS clients ?

    How does one update the maps (instead of "edit ; cd /var/yp ; make") ?
    Does one have to use a GUI administration tool ? This would be annoying
    since one has to go to the server (we'd prefer to telnet into the server
    and use some linemode commands), or do a setenv DISPLAY back to one's
    workstation (but this is annoying for an Alpha user like me, Sun
    Openwindows applications tend to be picky ... and what happens if we
    decide to use CDE on the Suns instead ?)

    I am quite puzzled by the bulk of security related issues in the NIS
    plus manuals (credentials, DES etc.). We do not want to authorize
    ourselves to administer NIS from our accounts, we are happy to "su root"
    for that. We want to keep as now same root password for most w/s but
    a little group (whose root WON'T administer nis).

    Any problem with all the above ?

    Also I do not understand the reason why one has to "initialize users"
    under NIS plus and not just client machines. Does it apply to us ?

----------------------------------------------------------------------------
Lucio Chiappetti - IFCTR/CNR - via Bassini 15 - I-20133 Milano (Italy)
----------------------------------------------------------------------------
Fuscim donca de Miragn E tornem a sta scio' in Bregn
Che i fachign e i cortesagn Magl' insema no stagn begn
Drizza la', compa' Tapogn (Rabisch, II 41, 96-99)
----------------------------------------------------------------------------
For more info : http://www.ifctr.mi.cnr.it/~lucio/personal.html
----------------------------------------------------------------------------
Received on Tue Jan 20 1998 - 17:42:28 NZDT
