SCIENTIFIC-LINUX-USERS Archives

January 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Konstantin Olchanski <[log in to unmask]>
Reply To: Konstantin Olchanski <[log in to unmask]>
Date: Wed, 7 Jan 2015 17:26:26 -0800
Content-Type: text/plain

On Wed, Jan 07, 2015 at 05:27:32PM -0700, Stephen John Smoogen wrote:
> On 7 January 2015 at 17:06, Konstantin Olchanski <[log in to unmask]> wrote:
> >
> > I started in this business in 1992 and our cluster of SGI machines
> > was already based on NIS (from before my time). (I think
> > automount/autofs/amd showed up a little later).
> >
> >
> And I expect that you had at that point still stories from people saying
> NIS broke everything when it went down and we should just use some homebrew
> kit (or worse yet.. add each user by hand because lord how are you going to
> know it got done.)
> 

Yes, "nis broke everything". But this went away since we install secondary NIS servers
on every critical machine - as long as local ypserv and local ypbind stay up,
no problems with NIS, even survives network outages (almost, DNS outages still cause problems).

Yes, "add each user by hand", just happened on one of the systems I built,
because local admins cannot figure out NIS and because ypbind keeps dying
on that machine. Not that adding the user manually did any good, without ypbind
they lose access to the auto-mounted home directory for that user.

With this experience - people cannot figure out "service ypbind restart"
and "vi /etc/auto.home; make -C /var/yp" - I am not putting out anything as
complex as LDAP, Kerberos, Web based administration, etc.


> > But believe it or not, I am seriously considering "going back" to
> > scp-pushed config files - too many technical problems have accumulated
> > with NIS and with the current software chain
> > "nis maintainers"->Fedora->RHEL->SL I doubt they
> > will ever be fixed (even if "nis maintainers" still exist):
> 
> 
> NIS has been dead upstream for 10+ years when Sun started pushing NIS+ and
> then their own LDAP solution afterwards. A lot of large business/.gov/.mil
> list it as verboten because of the many security problems it has (password
> issues usually though various hijacking items can occur). It is mostly
> still in the distribution because people like us who became admins from
> 1987->1994 have it in our toolkit and know how to use it.
> 


Yes, so true. And yet, in 10 years, no viable replacement, other than
the "light weight" 800 pound gorilla of "identity management" product.


>
> For the scp item.. you might want to look at ansible. It does orchestration
> over ssh which allows for a lot of bypassing of these items.
> 


Yes, thanks.


>
> Not as much these days... if at all. I actually know some remote data
> acquisition places converted over to windows only with it all automated. It
> is mostly from 2012 onward, but it is catching up and we may end up
> dinosaurs faster than we thought.
> 


Today's game is all in embedded computing - FPGA, embedded ARM, low power devices -
where x86 stuff and Windows are completely uncompetitive. (good. *I* am not worried).


-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
