[plug] making linux desktops consistent

raven at themaw.net raven at themaw.net
Tue Apr 27 19:15:10 WST 2004


On Tue, 27 Apr 2004, Craig Ringer wrote:

> Mark O'Shea wrote:
> 
> > Mounting home directories over NFS has been a pretty standard way of doing
> > things in the UNIX world.  There is no reason why you shouldn't do this
> > with Linux (providing no NFS traffic can leave or enter your network, it's
> > not the most secure thing around).
> 
> I've had good results with this. Typically I prefer terminal server 
> setups instead, but NFS homedirs do work fine.
> 
> Depending on the programs being run, you'll need to make sure that only 
> one copy of each user account is logged in at any one time, though. Some 
> apps don't deal with this well.

That's not acceptable. Ditch the apps.

I don't have that problem. Our Linux processing machines have 2 
jobs running the same app (2 CPU machines). These machines would be useless 
if they couldn't.

Maybe you are saying you shouldn't have two machines accessing the same 
data files at the same time.

> 
> > If you don't want to be copying config files like passwd, hosts etc.
> > around then you could use NIS to store this config on the server and have
> > the clients use them for configuration
> 
> Personally, I tend to prefer LDAP for this as it's _vastly_ more secure 
> and IMHO easier to use. All you need on each client is pam_ldap and 
> nss_ldap. The downside is that documentation on LDAP is a bit thin on 
> the ground, so getting started can be tricky. I think it's been covered 
> by a few magazines and things recently, though (LJ definitely had an 
> article on it a while ago). Try the PLUG archives, too.
> 
> I actually gave up on NIS in frustration and tried LDAP auth instead - 
> with much success. If you use TLS, it's quite secure as well.

LDAP is much harder to administer but the security is much better. I agree 
that LDAP is the appropriate migration path from NIS.

However, you are doing something wrong if NIS doesn't work for you.

<shameless plug>
Oh and the automounter can use LDAP for its maps as well. You need 4.1.x 
or a RedHat patched autofs 3.1.x if you want to use LDAP v3.

Alas, SuSE ships 4.0.0 I think.
</shameless plug>

Ian



