SUMMARY: C2 and NIS on DU3.2G

From: Donald Maner <DManer_at_mtelatc.com>
Date: Thu, 02 Apr 1998 20:29:55 -0600

> I have a network of 3.2G servers running NIS without C2 security on them,
> and am considering putting C2 on. We currently manage the passwd and hosts
> files with NIS. My question is how well does NIS handle the C2 databases on
> 3.2g, if at all. Also, we will be moving to DU4.0D eventually, and if
> anyone has any experience with C2, NIS, and DU4.0D... Responses will be
> summarized. Thanks!

I received two responses - a don't do it and if you have a lot of users, it
can get slow.

I put in a call to my Digital Gold Unix support team, and Alan was very
helpful and pointed me to section 4.3.13.1 of the DU 4.0D release notes:

The following restrictions apply to distributing enhanced security profiles
via NIS:
* Successful and unsuccessful login attempts for NIS-shared accounts
  require the completion of the following steps:
    - The master system's rpc.yppasswdd daemon must respond and update the
      last successful and last unsuccessful login fields in the prpasswd
      NIS map.
    - The NIS slave servers must answer to the yppush operation initiated
      from the rpc.yppasswdd daemon. (Most successful logins do not require
      a yppush operation, but login failures and password changes do.)
  The login process will not continue or terminate until both of these
  steps are completed.

So, basically if your master NIS server goes down, every login will hang
until it becomes available. That is unacceptable (a single point of
failure).

Thanks to Jim Belonis [belonis_at_dirac.phys.washington.edu] and Clay Porter
[clay.porter_at_persimmon.com] for their help.

Donald Maner # fsck -t reality /dev/life
Support Engineer Segmentation Fault (core dumped)
SkyTel
Received on Fri Apr 03 1998 - 04:31:14 NZST
