Disclaimer: This post is not for newbies, and is a work in progress!
We’re using YP in a low security (walled in) development environment. The convenience of YP and automount NFS is key, and the downsides don’t apply. None of the machines are exposed to the Internet.
It’s just like the good old days of SunOS (BSD 4.3) or maybe even a working version of Solaris (the first versions of Solaris were horribly buggy). This post will provide a lot of detail in getting YP tamed in an environment that uses both CentOS 5.5 and Ubuntu 11.04 (Natty Narwhal).
First, let us note that the code bases for NIS on CentOS (Red Hat) and Ubuntu seem to be different. They behave differently. They default differently. They seem to have different bugs. And they interact with nsswitch.conf differently.
NIS in CentOS 5.5
$ yum install nis
In an environment where CentOS is being used as a server OS, and not a desktop OS (our case), NIS works out-of-the-box the way you probably want it to. Which is scary, because it’s not supposed to do that. As a point of reference, I’ll refer to the first edition of Managing NFS and NIS by Hal Stern, published by O’Reilly (April 1992 edition). This book was written based on SunOS, and since I no longer have any instances of BSD4.3 around, it will have to do as a baseline.
So, NIS does what you want it to do, that is, underlay passwd, group, and hosts. However, you don’t have to make any changes to the affected files to make this happen! You can change the behavior in nsswitch.conf.
NIS in Ubuntu
$ apt-get install nis
When you install NIS this way, the assumption is that you’re installing a client (only). A nice little dialogue box pops up during install to ask for the domain you wish to connect to (it assumes that domain exists and that all is awesomely perfect). Be sure you know what the domain is (or is going to be) before you do the apt-get.
If you have a server, and it has broadcast communication with the client, and nothing is blocked by the likes of iptables (YP uses RPCs), it will come right up. But, you’ll probably need to edit /etc/nsswitch.conf to have anything close to the functionality you want. And, how about that nsswitch.conf? There’s a lot of stuff in there!
I’m using this on my laptop, which is running Ubuntu 11.04 most of the time. When I start up the VPN connection to the lab environment, I simply issue a:
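To see which of the databases in nsswitch.conf can actually be answered by NIS on either distribution, a small audit function helps. This is an added example, not part of the original post: the function name nis_sources is made up here, and the compat handling assumes glibc's behaviour of using NIS as the compat backend unless a *_compat line says otherwise.

```shell
#!/bin/sh
# Added example: list the nsswitch.conf databases that can be served by NIS.
# Usage: nis_sources [path]   (defaults to /etc/nsswitch.conf)
nis_sources() {
    awk '
    { sub(/#.*/, ""); sub(/:/, " ") }     # drop comments, split "db:" from sources
    NF < 2 { next }                       # blank line or no sources listed
    {
        db = $1; direct = 0; compat = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) continue      # action item such as [NOTFOUND=return]
            if ($i == "nis") direct = 1
            if ($i == "compat") compat = 1
        }
        if (db ~ /_compat$/) {            # passwd_compat etc. pick the compat backend
            base = db; sub(/_compat$/, "", base)
            backend[base] = direct ? "nis" : "other"
            next
        }
        order[++n] = db
        uses_nis[db] = direct; uses_compat[db] = compat
    }
    END {
        for (k = 1; k <= n; k++) {
            db = order[k]
            if (uses_nis[db])
                print db ": nis"
            else if (uses_compat[db] && backend[db] != "other")
                print db ": compat (NIS via +/- entries)"
        }
    }' "${1:-/etc/nsswitch.conf}"
}
```

A database reported as compat only consults NIS when the matching local file (/etc/passwd, /etc/group, /etc/shadow) contains + or - entries.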
$ sudo service nis start
… and when I’m done, and ready to close down the VPN,
$ sudo service nis stop
… which I usually forget to do and regret later when the RPC calls hang and I have to wait for them to time out before I unfreeze! :-P
to be continued…