Re: [seul-edu] WebVC special yppasswd

[Daniel Dent <ddent@vc.bc.ca>]

> 
> I have been meaning to setup NIS for a while now.  I
> have some questions.  Could I get some info from you --
> mostly security related issues -- possibly configuration
> -- but I am sure the HowTos are quite good.
> 
Hi Bill,

At the school where I have WebVC setup, we have a lab of 28 computers all
running NIS and NFS off one fast ethernet connection to a PII 300
computer.  This server also serves various services for the entire ~1000
student school. We share the home directories with NFS, as well as
/usr/local, /var/spool/mail and a few others.  All the computers use NIS
from our server for all the accounts.  This means that we only have to
change the accounts on our server, and we have it synchronized to all the
lab automagically.  We are going to be adding in samba to replace our
novell server for our whinedoze (ugh!) lab.  This will give us a truly
universal login. We will be adding a slave NIS server onto one of the
computers in the lab soon just in case our main server goes down.

As far as security goes, nis has made it useless for us to have shadow
passwords, as one can always do a "ypcat passwd".  We haven't experimented
with NIS+ yet, but this should allow us to re-establish shadow passwords.
With (I believe the latest) version of NIS that we are using, we must
specify the server rather than broadcasting on the subnet, so this makes
it more secure as someone may not simply run another server and have
computers use it.

I have not found our one server to be overloaded in anyway, and we have
not noticed any slow file access over NFS, so this set up seems to be
quite good.

Daniel Dent