[Beowulf] Fwd: NIS limitations question

Geoff Jacobs gdjacobs at gmail.com
Thu Feb 9 21:56:19 PST 2006


Mark Hahn wrote:

>>>>I belive i have seen on this maling list*, and other internet fourms** some
>>>>limitation of NIS, but i have failed to find a documented limiation from
>>>>SUN, or from the various linux distrubutions, did any one try to research
>>>>the scalability of NIS servers?
>>>>        
>>>>
>>>The standard answer, if you only rarely push, is to make every client
>>>a slave.
>>>      
>>>
>>The less violent solution is to simply run nscd (name service caching
>>daemon) on all clients - that will take a lot of the load off of both
>>your NIS and DNS servers   :)
>>    
>>
>
>I have deep admiration for DNS, and quite a lot of scorn for 
>various other systems that try to do similar things, poorly.
>for instance, LDAP works, but that's the best you can say for it.
>imagine if the LDAP folk had thought of how to use DNS as a 
>directory infrastructure (but alas, they were x500 recidivists ;)
>
>observe that DNS provides a general mechanism for providing 
>a synchronized database, including security, that could easily be 
>used to structure a user directory, including all the usual passwd 
>fields, ssh pubkeys, arbitrary site-specific stuff.  DNS has 
>well-established caching, lease-like TTLs, round-robin behavior, 
>delegation, secure updates, etc.  and you already have it in place.
>
>the best argument against this, I suppose, is that existing DNS 
>implementations (bind/named) are not exactly structured to make this 
>easy, and are certainly not intended for this kind of use.  then again,
>it's astonishingly easy to write a DNS server from scratch...
>  
>
How about the fact that many DNS servers are insecure and overbuilt?

Why not just write a utility which uses rsync to update local password
files from a central repository? Have it sync whenever a login occurs,
and have it on a cron job too. Add failover if you want.

>regards, mark hahn.
>
>_______________________________________________
>Beowulf mailing list, Beowulf at beowulf.org
>To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
>
>  
>

-- 
Geoffrey D. Jacobs
MORE CORE AVAILABLE, BUT NONE FOR YOU.




More information about the Beowulf mailing list