SCIENTIFIC-LINUX-USERS Archives

March 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: "P. Larry Nelson" <[log in to unmask]>
Date: Tue, 3 Mar 2015 14:51:46 -0600

On 3/3/15 1:08 PM, Stephen John Smoogen wrote:

	[snip...]

Oh aye, many mouths have pooh-poohed NIS as insecure and old-fashioned.
And I have considered leveraging our campus's AD or LDAP and do away
with my NIS service.  But then I'd have to deal with the campus Windows
people.  I have collaborators from all over the world in my passwd file.
They are not university faculty, staff or students.  Very hard to get
them into the campus AD or LDAP.  I'll stick with my own NIS.  It takes
me all of about 2 minutes to add a new user.  If they are not part of
the university, that could take days if I used campus services.

> So NIS is not getting as much testing anymore as it is being listed as a
> no-no in various .gov/.mil/PCI/HIPAA audits. So a lot of NIS problems
> seem to have crept in and are only showing up now because large
> deployments of Dark-Matter computers are beginning to move from an 8
> year old OS to a 5 year old OS. I list this as the Dark Matter of
> systems because there are large numbers that no one seems to know about
> until the gravity of the situation hits them.
>
> The things I would look at for this are:
>
> 1) Put in the ip address of the nis server into /etc/hosts and see if
> that fixes things. If it does.. it is a bug, but one similar to
> something I ran into with SunOS 4.1.4 a loong time ago. [Solaris 2.4
> also had a similar one.. and IRIX 6.2 (I think). ]
>
> 2) Turn off nscd (or sssd? in EL7) to see if it changes how the system
> reacts. It may be caching hosts which aren't reachable but portmap is
> going to try and talk because it thinks it's still available.
>
> 3) strace of closing processes might be useful with strace writing to a
> file so it isn't lost when the box shuts down completely.

Thanks Stephen!  If I ever get some free time and curiosity overwhelms
me, I'll try some of your suggestions, but I think I'll just resort to
the old 'files nis' order and move on.


> Could you tell
> me which file and lines you commented out?  [Thanks]

Are you talking about /etc/nsswitch.conf?
I didn't comment out any lines - I merely snipped out the
default lines that already had comments so it was easier to read.

Thanks,
- Larry

>
> --
> Stephen J Smoogen.







-- 
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab                 | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask]    | http://www.brf-llc.com/lnelson/
-------------------------------------------------------------------
  "Information without accountability is just noise."  - P.L. Nelson

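An added example, not part of the original message or thread: a small check that lists the `/etc/nsswitch.conf` databases where `nis` is consulted before `files` (or without it), which is the situation the 'files nis' order mentioned above avoids. The function names and the sample file contents are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: report nsswitch.conf databases where "nis" is consulted
# before "files" (or without it), the reverse of the 'files nis' order.

# Hypothetical helper: $1 is the path of an nsswitch.conf-style file.
nis_before_files() {
    awk '
        { sub(/#.*/, "") }          # drop comments; awk re-splits the fields
        NF < 2 || $1 !~ /:$/ { next }   # need "database:" plus a source
        {
            db = $1; sub(/:$/, "", db)
            nis = 0; files = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue            # e.g. [NOTFOUND=return]
                if ($i == "nis" && !nis) nis = i
                if ($i == "files" && !files) files = i
            }
            if (nis && (!files || nis < files)) print db
        }
    ' "$1"
}

# Constructed sample input, not taken from any real host.
write_sample() {
    cat > "$1" <<'EOF'
# comment-only lines are ignored
passwd:     nis files
shadow:     files nis
group:      files nis
hosts:      nis [NOTFOUND=return] files dns   # trailing comment
netgroup:   nis
services:   files
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
nis_before_files "$tmp"     # lists passwd, hosts, netgroup
rm -f "$tmp"
```

On a real host, call `nis_before_files /etc/nsswitch.conf`; an empty result means no database reaches NIS ahead of local files.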