managing user accounts without NIS
glindahl at hpti.com
Sat May 20 15:03:56 PDT 2000
> > NIS and NFS are pretty efficient at what they do, and can be
> > configured to cache to some extent. Why reinvent them?
Neither NFS nor NIS are ideal. NFS doesn't do well at gigabyte/second I/O,
and NIS, well, it's hard to think of anything that NIS does that well.
> NIS and NFS are insecure and incur performance penalties. I'm looking
> for better alternatives. My idea of setuid-root wrappers (using rsync
> for distribution of relevant files) already provides a more secure,
> high-performance, high-availability alternative; I just want to make
> sure that there isn't something better out there already, and that I'm
> not overlooking some potential security hole.
I distribute password files by copying. Updates are all made on 1 server;
replace the command the user runs to change their password. This command
does not have to be setuid root; it can rsh/ssh as the user to the server
and run the usual passwd.
More information about the Beowulf