Date: Sat, 13 Dec 2008 21:46:03 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Nguyen Tam Chinh <unixvn@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users
Message-ID: <49442D1B.4000608@infracaninophile.co.uk>
In-Reply-To: <64b284310812120645m6c5ee122mb0510014343eff3f@mail.gmail.com>
References: <139b44430812112348k5c51072ie771913c982f7cfe@mail.gmail.com> <49422A05.6050907@gmail.com> <ghtdp3$g0r$1@ger.gmane.org> <20081212120557.V3687@wojtek.tensor.gdynia.pl> <9bbcef730812120426t3c4b8a28q337c8379cd947702@mail.gmail.com> <20081212141156.E4001@wojtek.tensor.gdynia.pl> <139b44430812120527w7b22d8a1m860cbf308e4b67c3@mail.gmail.com> <ghtq19$o1f$1@ger.gmane.org> <64b284310812120645m6c5ee122mb0510014343eff3f@mail.gmail.com>
Nguyen Tam Chinh wrote:
> On Fri, Dec 12, 2008 at 9:47 PM, Ivan Voras <ivoras@freebsd.org> wrote:
>> Valentin Bud wrote:
>>> If you only have UNIX systems in LAN. But in my case I have Linux + FreeBSD
>>> (server). From the handbook
>>> NIS only works between FBSDs. Am I missing something?
>> You are correct.
>>
>
> Hmm, I have NIS server on an old Solaris 8 and all clients are Linux
> (I can't use FBSD at work due so far). So it sounds strange if NIS
> works only between FBSDs, something not standard in the
> implementation?
> Anyway, I also vote for the LDAP. Later on when you need to introduce
> new services, LDAP will integrate better. NIS is very specific for
> *nix world.
>

The problem with NIS between Linux and FreeBSD is the format of the
password database. FreeBSD uses /etc/master.passwd -- which contains
everything that's in the standard /etc/passwd file and adds the password
hashes and several extra columns to do with password expiry and login
groups.

Linux, and other SysV-alike systems like Solaris have /etc/passwd -- same
as on FreeBSD -- and /etc/shadow: a separate file with password hashes and
various controls for password expiry. The formats of /etc/master.passwd
and /etc/shadow are incompatible, although (assuming the password hashes
are compatible) it should be a fairly small matter of programming to write
scripts to convert between the two.

In the case where you have a FreeBSD NIS server and Linux clients, it is
perfectly feasible to have the FreeBSD box serve a Linux-style /etc/shadow
database via NIS. This means users can log in on Linux machines, and I
think it's also not too difficult to make changing passwords over NIS work
(although ICBW), but the client users will not automatically be able to log
into the central (FreeBSD) NIS server. Some might view this as a /feature/.

Of course, as has been pointed out else-thread, LDAP is the way of the
future. It's much more scalable and interoperable between different OSes
than NIS, provides huge amounts of extra functionality and it supports
things like geographically distributed sites all sharing the same password
database but with local users managed from local servers. (LDAP is a
hierarchical database much like the DNS. As with the DNS, sub-domains in
the LDAP tree can be delegated off to different servers. Although that's
pretty advanced usage). Even a basic setup does require a much steeper
learning curve to get it going from scratch than most of the alternatives.

Cheers,
Matthew
-- 
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
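
The conversion script the message above calls "a fairly small matter of programming", as an added example that is not part of the original e-mail. It assumes the ten-field master.passwd layout from FreeBSD passwd(5) and the nine-field layout from Linux shadow(5); the UID cut-off, the list of portable hash prefixes and the handling of the `*LOCKED*` prefix are illustrative assumptions, and the sample accounts are constructed.

```python
# Added example: split FreeBSD master.passwd lines into Linux passwd/shadow lines.
SECONDS_PER_DAY = 86400
MIN_UID = 1000                           # assumption: do not export system accounts (root etc.)
PORTABLE_HASHES = ("$1$", "$5$", "$6$")  # assumption: schemes the client crypt(3) accepts

# Constructed sample input (not real accounts or hashes).
SAMPLE = """\
# $FreeBSD$
root:$6$saltsalt$ROOTHASH:0:0::0:0:Charlie &:/root:/bin/csh
alice:$6$saltsalt$ALICEHASH:1001:1001::0:1262304000:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$salt$BOBHASH:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$CAROLHASH:1003:1003::0:0:Carol:/home/carol:/bin/sh
"""

def convert(master_text):
    """Return (passwd_lines, shadow_lines, warnings) for the given master.passwd text."""
    passwd, shadow, warnings = [], [], []
    for line in master_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10 or not fields[2].isdigit():
            warnings.append("malformed: " + fields[0])
            continue
        name, pw, uid, gid, _class, _change, expire, gecos, home, shell = fields
        if int(uid) < MIN_UID:
            continue
        if pw.startswith("*LOCKED*"):
            # Assumption: map the FreeBSD lock prefix to the '!' prefix used in shadow.
            pw = "!" + pw[len("*LOCKED*"):]
        elif pw.startswith("$") and not pw.startswith(PORTABLE_HASHES):
            warnings.append("hash scheme may not be portable: " + name)
        # master.passwd stores account expiry in seconds, shadow in days; 0 means never.
        exp_days = str(int(expire or 0) // SECONDS_PER_DAY) if int(expire or 0) else ""
        passwd.append(":".join([name, "x", uid, gid, gecos, home, shell]))
        # lastchg/min/max/warn/inactive have no direct master.passwd equivalent.
        shadow.append(":".join([name, pw, "", "", "", "", "", exp_days, ""]))
    return passwd, shadow, warnings

if __name__ == "__main__":
    for group in convert(SAMPLE):
        print("\n".join(group), end="\n\n")
```

The conversion is lossy: the login class and the password change time in master.passwd are dropped, and the shadow ageing fields are left empty.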
