Chris's Wiki :: blog/sysadmin/WhyNotNISToday Commentshttps://utcc.utoronto.ca/~cks/space/blog/sysadmin/WhyNotNISToday?atomcommentsDWiki2011-07-27T22:12:16ZRecent comments in Chris's Wiki :: blog/sysadmin/WhyNotNISToday.From 69.158.17.191 on /blog/sysadmin/WhyNotNISTodaytag:CSpace:blog/sysadmin/WhyNotNISToday:bc1c91987b177dc6c1c73f6922343691888232afFrom 69.158.17.191<div class="wikitext"><p>I think NIS lives on because it works and people don't want to bother re-inventing the wheel. It's a bit inappropriate nowadays (except perhaps if you use the 'shadow' map and not put the password hash in the 'passwd' map).</p>
<p>Similarly with LDAP, while it may be a bit complicated to get going for some, but there are quite a few HOWTOs out there that let you get going fairly quickly.</p>
<p>Of course distributing files is a lot easier with things like Cfengine and Puppet now as well, so distributing the various /etc files is fairly simple. Though it it's handy to be able to use the "host" LDAP attribute to restrict people's logins to only certain hosts:</p>
<p><a href="http://wiki.debian.org/LDAP/PAM#Allowing_logins_on_a_per-host_basis">http://wiki.debian.org/LDAP/PAM#Allowing_logins_on_a_per-host_basis</a></p>
<p>We're currently using it and it's quite handy as we have many different groups and sub-groups of people: even if many people are in a group, only some of those people should be logging onto some of the machines owned by that group, and it's usually easier to use the "host" attr than setting up yet another group.</p>
</div>2011-07-27T22:12:16Z