> Yes, let me validate Mr. Kovacs' comment. I am aware of the shortcomings
> of NIS in the area of security. Let me provide some information on the
> topography of my network and my reasoning for choosing NIS/NFS. Perhaps
> an alternative may be suggested to meet my needs without totally
> confounding me when it comes to configuration.

The good thing about YP/NIS is that it's simple - if all you want is for your clients to get user info it is ideal. Unfortunately it was designed in a time when passwords were hard to crack and "script kiddie" was a yet to be invented term. Some of my systems still use NIS+, but they are isolated and legacy.

>
> Now that I've bored you to tears, are there any suggestions as to what I
> should use as a replacement for NIS/NFS for sharing and mounting of
> /home directories on the other three machines on my network? Consider
> that you are probably going to end up holding my hand in this endeavor
> so choose something that you would want to configure and use.
>

I think your best bet is to see what's supported in sssd - that will at least give you some hope of getting some level of consistency. Pick something that takes your fancy and isn't too complex.

TBH you are probably going to settle on some implementation of LDAP - probably OpenLDAP - yes, I know you've tried it before, but it should work. Configuring the clients to use LDAP via SSSD is not a problem; your issue is going to be setting up the LDAP server. It's a long time since I've done it so I'm not a person to hand hold, but your needs are simple and there will be plenty of tutorials and guides and how-to's out there to step you through the process.

Once the LDAP server is set up you basically never have to touch it - all configuration is done through processes interacting with the server, including provisioning accounts and so on - even the initial configuration is done by talking to the server.

There are other options than LDAP, and servers other than OpenLDAP, but LDAP is the de facto standard.

P.
On Apr 12, 2020, at 05:47, Pete Biggs <pete at biggs.org.uk> wrote:
> There are other options than LDAP, and servers other than OpenLDAP, but
> LDAP is the de facto standard.

Unfortunately, OpenLDAP as a server is deprecated in C8, and isn't packaged anymore. Upstream they point customers to their directory service, which is based on 389 directory service.

--
Jonathan Billings <billings at negate.org>
On Sun, 2020-04-12 at 08:13 -0400, Jonathan Billings wrote:
> On Apr 12, 2020, at 05:47, Pete Biggs <pete at biggs.org.uk> wrote:
> > There are other options than LDAP, and servers other than OpenLDAP, but
> > LDAP is the de facto standard.
>
> Unfortunately, OpenLDAP as a server is deprecated in C8, and isn't
> packaged anymore. Upstream they point customers to their directory
> service, which is based on 389 directory service.
>

<sigh> Why on Earth is it deprecated? I suppose they want people to use FreeIPA, which is a bit of a steam-hammer-to-crack-walnut type thing.

P.
On 2020-04-12 08:13, Jonathan Billings wrote:
> On Apr 12, 2020, at 05:47, Pete Biggs <pete at biggs.org.uk> wrote:
>> There are other options than LDAP, and servers other than OpenLDAP, but
>> LDAP is the de facto standard.
>
> Unfortunately, OpenLDAP as a server is deprecated in C8, and isn't packaged anymore. Upstream they point customers to their directory service, which is based on 389 directory service.
>

Okay, I found https://directory.fedoraproject.org/docs/389ds/download.html. Thank you for the useful reply.

It appears that they just pasted a new name on an old horse. It's still LDAP. I'll follow the directions there. At least the directions say they are for CentOS 8.1+.

I'll let you know what happens. I hope I don't end up having to reinstall to fix the mess this makes.

--
    _
   °v°
  /(_)\
   ^ ^
Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/