Mark Hahn wrote: >>>>I belive i have seen on this maling list*, and other internet fourms** some >>>>limitation of NIS, but i have failed to find a documented limiation from >>>>SUN, or from the various linux distrubutions, did any one try to research >>>>the scalability of NIS servers? >>>> >>>> >>>The standard answer, if you only rarely push, is to make every client >>>a slave. >>> >>> >>The less violent solution is to simply run nscd (name service caching >>daemon) on all clients - that will take a lot of the load off of both >>your NIS and DNS servers :) >> >> > >I have deep admiration for DNS, and quite a lot of scorn for >various other systems that try to do similar things, poorly. >for instance, LDAP works, but that's the best you can say for it. >imagine if the LDAP folk had thought of how to use DNS as a >directory infrastructure (but alas, they were x500 recidivists ;) > >observe that DNS provides a general mechanism for providing >a synchronized database, including security, that could easily be >used to structure a user directory, including all the usual passwd >fields, ssh pubkeys, arbitrary site-specific stuff. DNS has >well-established caching, lease-like TTLs, round-robin behavior, >delegation, secure updates, etc. and you already have it in place. > >the best argument against this, I suppose, is that existing DNS >implementations (bind/named) are not exactly structured to make this >easy, and are certainly not intended for this kind of use. then again, >it's astonishingly easy to write a DNS server from scratch... > > How about the fact that many DNS servers are insecure and overbuilt?
Why not just write a utility which uses rsync to update local password files from a central repository? Have it sync whenever a login occurs, and have it on a cron job too. Add failover if you want. >regards, mark hahn. > >_______________________________________________ >Beowulf mailing list, Beowulf@beowulf.org >To change your subscription (digest mode or unsubscribe) visit >http://www.beowulf.org/mailman/listinfo/beowulf > > > -- Geoffrey D. Jacobs MORE CORE AVAILABLE, BUT NONE FOR YOU. _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
