Does anyone know where I can get NIS for CentOS 8?
—
_
°v°
/(_)\
^ ^ Mark LaPierre Registered Linux user No #267004
https://linuxcounter.net/
****
14 thoughts on - CentOS 8 NIS
$ dnf provides ypserv
… ypserv-4.0-6.20170331git5bfba76.el8.x86_64 : The NIS (Network Information Service) server Repo : AppStream Matched from:
Provide : ypserv = 4.0-6.20170331git5bfba76.el8
mid to late 90s on a network of Sun Solaris systems (after all, they virtually invented it), but we got rid of it by the mid 2000s because its simply not secure by any rational definition, and only really suitable on a network where everyone trusts everything attached to the network, that world simply doesn’t exist anymore.
Le 09/04/2020 à 02:42, Mark LaPierre a écrit :
According to the Release Notes, NIS has been officially deprecated in CentOS 8.
You might want to move to 389 Directory Server. Robust, secure and well-documented.
Cheers,
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
Nicolas Kovacs writes:
NIS works fine on CentOS 8. Certainly the client side. But how it’s enabled is different, check the manual. authconfig is replaced with authselect.
Le 09/04/2020 à 11:05, isdtor a écrit :
NIS “works fine” in the sense that telnet works fine.
:o)
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
Nicolas Kovacs writes:
It is not our job here to second-guess implementation decisions made by others as only the people concerned are familiar with their environment’s restraints and business requirements.
Yes, let me validate Mr. Kovacs comment. I am aware of the shortcomings of NIS in the area of security. Let me provide some information on the topography of my network and my reasoning for choosing NIS/NFS. Perhaps an alternative may be suggested to meet my needs without totally confounding me when it comes to configuration. I tried another solution some time ago but failed miserably. Search for “nobody:nobody” in my transactions on this mail list from 2019/04/02.
I have a small home network, four CentOS boxes, three running CentOS 6
at the moment. This network is behind an ONT and an Edgerouter. Machine #4 is a newly constructed AMD 16 core with a set of four 2TB HDs that will be configured as a RAID array. I plan to host the home directories of all the users on my network on the array and share them out to the other three machines to be auto-mounted when the user logs in. I did this successfully using NIS/NFS about 20 years ago in a small private grade school network that I built from the scrap heap of old and abandoned machines, and no money, that they had on hand.
All the machines on my home network will eventually be running CentOS 8
seeing that CentOS 6 is very near EOL. Being that they will all be running the same flavor of CentOS should make configuration a bit easier.
I need a set of tools that is fairly simple to configure, by which I
mean has complete and accurate documentation which I can find, and does not present impediments to future system configuration. My hope is to do all the user management on the 16 core that will be hosting the raid.
I don’t want to have to log onto all the other machines to twiddle bits each time I want to add a new user account.
I designed the 16 core with the intent of putting it’s non-entertainment/educational clock cycles to work as a Monero miner. I
chose Monero because it is specifically resistant to ASIC implementation demanding excellent system CPU and GPU performance and plenty of RAM, 64
Gb in this case. There’s no point in trying to mine Bit Coin et al. unless you plan to live for the 1000 years it will take to earn just one.
Now that I’ve bored you to tears, are there any suggestions as to what I
should use as a replacement for NIS/NFS for sharing and mounting of
/home directories on the other three machines on my network? Consider that you are probably going to end up holding my hand in this endeavor so choose something that you would want to configure and use.
The good thing about YP/NIS is that it’s simple – if all you want is for your clients to get user info it is ideal. Unfortunately it was designed in a time when passwords were hard to crack and “script kiddie” was a yet to be invented term. Some of my systems still use NIS+. but they are isolated and legacy.
I think your best bet is to see what’s supported in sssd – that will at least give you some hope of getting some level of consistency. Pick something that takes your fancy and isn’t too complex. TBH you are probably going to settle on some implementation of LDAP – probably openLDAP – yes, I know you’ve tried it before, but it should work. Configuring the clients to use LDAP via SSSD is not a problem; your issue is going to be setting up the LDAP server. It’s a long time since I’ve done it so I’m not a person to hand hold, but your needs are simple and there will be plenty of tutorials and guides and how-to’s out there to step you through the process. Once the LDAP server is setup you basically never have to touch it – all configuration is done through processes interacting with the server, including provisioning accounts and so on – even the initial configuration is done by talking to the server.
There are other options than LDAP, and servers other than openLDAP, but LDAP is the de facto standard.
P.
Unfortunately, openLDAP as a server is deprecated in C8, and isn’t packaged anymore. Upstream they point customers to their directory service, which is based on 389 directory service.
—
Jonathan Billings
Why on Earth is deprecated? I suppose they want people to use FreeIPA, which is a bit of a steam-hammer-to-crack-wallnut type thing. P.
Dear P.,
NIS is out. Don’t ask me why. Ask the developer. On our cluster it is still in use, but for the next instance I must use LDAP or compile the packages by my self. Best wishes
it is, however, a completely different implementation, so no, its not openLDAP, which is a specific implementation.
—
-john r pierce
recycling used bits in santa cruz
Oh insert Deity here! This is going to take a semester of Computer Science to figure out.
dscreate create-template creates a 9K file full of mostly obscure and unintelligible options.
This where the hand holding I told you about comes into play.
This is what I’ve got so far:
config_version = 2
defaults = 999999999
The next option is full_machine_name which defaults to localhost.localdomain
I need to give this machine a name other than localhost.localdomain. I
guess that’s my next bit of search engine exercise to learn how to do that without making a giant mess. I remember trying to do this with the last attempt at LDAP a year ago. It wasn’t pretty and didn’t turn out well.
I guess that’s my next step for tomorrow. I’ve got to go to bed if I’m going to be able to stay awake long enough to write any code at work tomorrow.
14 thoughts on - CentOS 8 NIS
$ dnf provides ypserv
… ypserv-4.0-6.20170331git5bfba76.el8.x86_64 : The NIS (Network Information Service) server Repo : AppStream Matched from:
Provide : ypserv = 4.0-6.20170331git5bfba76.el8
mid to late 90s on a network of Sun Solaris systems (after all, they virtually invented it), but we got rid of it by the mid 2000s because its simply not secure by any rational definition, and only really suitable on a network where everyone trusts everything attached to the network, that world simply doesn’t exist anymore.
Le 09/04/2020 à 02:42, Mark LaPierre a écrit :
According to the Release Notes, NIS has been officially deprecated in CentOS 8.
You might want to move to 389 Directory Server. Robust, secure and well-documented.
Cheers,
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
Nicolas Kovacs writes:
NIS works fine on CentOS 8. Certainly the client side. But how it’s enabled is different, check the manual. authconfig is replaced with authselect.
Le 09/04/2020 à 11:05, isdtor a écrit :
NIS “works fine” in the sense that telnet works fine.
:o)
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
Nicolas Kovacs writes:
It is not our job here to second-guess implementation decisions made by others as only the people concerned are familiar with their environment’s restraints and business requirements.
Yes, let me validate Mr. Kovacs comment. I am aware of the shortcomings of NIS in the area of security. Let me provide some information on the topography of my network and my reasoning for choosing NIS/NFS. Perhaps an alternative may be suggested to meet my needs without totally confounding me when it comes to configuration. I tried another solution some time ago but failed miserably. Search for “nobody:nobody” in my transactions on this mail list from 2019/04/02.
I have a small home network, four CentOS boxes, three running CentOS 6
at the moment. This network is behind an ONT and an Edgerouter. Machine #4 is a newly constructed AMD 16 core with a set of four 2TB HDs that will be configured as a RAID array. I plan to host the home directories of all the users on my network on the array and share them out to the other three machines to be auto-mounted when the user logs in. I did this successfully using NIS/NFS about 20 years ago in a small private grade school network that I built from the scrap heap of old and abandoned machines, and no money, that they had on hand.
All the machines on my home network will eventually be running CentOS 8
seeing that CentOS 6 is very near EOL. Being that they will all be running the same flavor of CentOS should make configuration a bit easier.
I need a set of tools that is fairly simple to configure, by which I
mean has complete and accurate documentation which I can find, and does not present impediments to future system configuration. My hope is to do all the user management on the 16 core that will be hosting the raid.
I don’t want to have to log onto all the other machines to twiddle bits each time I want to add a new user account.
I designed the 16 core with the intent of putting it’s non-entertainment/educational clock cycles to work as a Monero miner. I
chose Monero because it is specifically resistant to ASIC implementation demanding excellent system CPU and GPU performance and plenty of RAM, 64
Gb in this case. There’s no point in trying to mine Bit Coin et al. unless you plan to live for the 1000 years it will take to earn just one.
Now that I’ve bored you to tears, are there any suggestions as to what I
should use as a replacement for NIS/NFS for sharing and mounting of
/home directories on the other three machines on my network? Consider that you are probably going to end up holding my hand in this endeavor so choose something that you would want to configure and use.
Choose wisely Grasshopper.
—
_
°v°
/(_)\
^ ^ Mark LaPierre Registered Linux user No #267004
https://linuxcounter.net/
****
The good thing about YP/NIS is that it’s simple – if all you want is for your clients to get user info it is ideal. Unfortunately it was designed in a time when passwords were hard to crack and “script kiddie” was a yet to be invented term. Some of my systems still use NIS+. but they are isolated and legacy.
I think your best bet is to see what’s supported in sssd – that will at least give you some hope of getting some level of consistency. Pick something that takes your fancy and isn’t too complex. TBH you are probably going to settle on some implementation of LDAP – probably openLDAP – yes, I know you’ve tried it before, but it should work. Configuring the clients to use LDAP via SSSD is not a problem; your issue is going to be setting up the LDAP server. It’s a long time since I’ve done it so I’m not a person to hand hold, but your needs are simple and there will be plenty of tutorials and guides and how-to’s out there to step you through the process. Once the LDAP server is setup you basically never have to touch it – all configuration is done through processes interacting with the server, including provisioning accounts and so on – even the initial configuration is done by talking to the server.
There are other options than LDAP, and servers other than openLDAP, but LDAP is the de facto standard.
P.
Unfortunately, openLDAP as a server is deprecated in C8, and isn’t packaged anymore. Upstream they point customers to their directory service, which is based on 389 directory service.
—
Jonathan Billings
Dear P.,
NIS is out. Don’t ask me why. Ask the developer. On our cluster it is still in use, but for the next instance I must use LDAP or compile the packages by my self. Best wishes
Andy
Okay, I found
https://directory.fedoraproject.org/docs/389ds/download.html.
Thank you for the useful reply.
It appears that they just pasted a new name on an old horse. It’s still LDAP.
I’ll follow the directions there. At least the directions say they are for CentOS 8.1+
I’ll let you know what happens. I hope I don’t end up having to reinstall to fix the mess this makes.
—
_
°v°
/(_)\
^ ^ Mark LaPierre Registered Linux user No #267004
https://linuxcounter.net/
****
yes, its the standardized LDAP protocol…
it is, however, a completely different implementation, so no, its not openLDAP, which is a specific implementation.
—
-john r pierce
recycling used bits in santa cruz
Oh insert Deity here! This is going to take a semester of Computer Science to figure out.
dscreate create-template creates a 9K file full of mostly obscure and unintelligible options.
This where the hand holding I told you about comes into play.
This is what I’ve got so far:
config_version = 2
defaults = 999999999
The next option is full_machine_name which defaults to localhost.localdomain
I need to give this machine a name other than localhost.localdomain. I
guess that’s my next bit of search engine exercise to learn how to do that without making a giant mess. I remember trying to do this with the last attempt at LDAP a year ago. It wasn’t pretty and didn’t turn out well.
I guess that’s my next step for tomorrow. I’ve got to go to bed if I’m going to be able to stay awake long enough to write any code at work tomorrow.
—
_
°v°
/(_)\
^ ^ Mark LaPierre Registered Linux user No #267004
https://linuxcounter.net/
****