1

I am administering a very small Solaris 2.6 network with 4 boxes total. Is it possible to use scp or similar to replace NIS for synchronizing users, groups, hosts, etc.?

This network is only a small part of my job and I don't want to spend too much time on it, and I am worried the setup and maintenance of NIS will not pay off. I need it to behave like a proper multi-user system: when a user logs into any machine, the users, passwords, hosts, etc. are always the same.

Is there an easy way to do this with scp? Right now I copy /etc/passwd from one box to another with scp, but sometimes I make mistakes or forget a step, and scp inside of shell scripts doesn't seem to work so well since it requires password authentication. Any recommendations would be welcome.

joshxdr
  • 3
    Solaris is typically set up with NIS -- it will almost certainly be easier to set up and more reliable than cobbling something with scp or rsync. If you want all hosts to have all info locally, you can set all but one up as NIS slaves and have changes pushed from the NIS master. – mpez0 Feb 06 '10 at 18:47
  • This would be the obvious choice if I was an experienced administrator, but right now I am learning everything from scratch. I am concerned that all the time spent researching NIS, and implementing and setting up the system, are just not going to be worth it if I can just find a way to copy /etc/passwd, /etc/shadow, /etc/group and /etc/hosts. – joshxdr Feb 07 '10 at 03:41
  • 1
    NIS survived for years because it is simple and easy. You'll be better off using it than kludging together something that does what it does, and the person who takes over after you will thank you for not making some ssh+perl+duct tape contraption. – chris Feb 09 '10 at 15:01
  • 2
    I bit the bullet and installed NIS. It took most of an afternoon including the time to learn how it works and what it can do. Overall I think even for my small network I will save time compared to trying to administer with scp. – joshxdr Feb 24 '10 at 20:54

5 Answers

6

I want to talk to people in the office down the hall, but there's no phone there, and I don't know how to install one. What is the best way to set up a string and paper cups between the offices?

Any solution you come up with other than normal NIS or LDAP will probably be "simpler" to set up, but will also be non-standard and error-prone. Consider using standard tools and facilities for standard tasks instead of reinventing yet another wheel. Please, think of your successor!

Teddy
2

To make scp work in scripts just generate a key pair and add the public key into ~/.ssh/authorized_keys. On the client run:

ssh-keygen

or

ssh-keygen -t rsa

Copy the ~/.ssh/id_rsa.pub file from the client to the server:

scp ~/.ssh/id_rsa.pub server:client_sshkey.pub

Install the key by running on the server:

mkdir -p ~/.ssh
cat ~/client_sshkey.pub >> ~/.ssh/authorized_keys
chmod -R g=,o= ~/.ssh
chmod g-w,o-w ~/
Mircea Vutcovici
  • So after performing this procedure, I have the same privileges on the client that I have on the server when I perform scp? – joshxdr Feb 07 '10 at 04:00
  • No, this procedure allows you to connect to the server from the client without requiring a password and in a fairly secure way. – Mircea Vutcovici Feb 08 '10 at 18:36
  • Password management is only 5% of what NIS gives you. You also need to distribute authorization info (shells, home directories), you need to distribute automount information, and a wide range of other info as well. Just the ssh keys really gives you not much at all. – chris Feb 09 '10 at 14:59
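
An added example for the scp-with-keys approach in the answer above (not code from any of the posters): it checks /etc/passwd before copying so a malformed file is never distributed, and uses BatchMode so a missing key fails instead of prompting. The SYNC_HOSTS variable, the host names in it, an OpenSSH client, and a login that may write to /etc on the targets are assumptions.

```shell
#!/bin/sh
# Added example: check /etc/passwd, then push it over key-based scp.
# Assumptions: OpenSSH client; SYNC_HOSTS is a hypothetical variable naming
# the target boxes; the login used may write to /etc on each target.

# validate_passwd FILE: succeed only if FILE is safe to distribute.
# (On Solaris the old /usr/bin/awk may need replacing with nawk.)
validate_passwd() {
    [ -s "$1" ] || return 1                     # missing or empty file
    awk -F: '
        NF != 7                 { bad = 1 }     # passwd(4) has 7 fields
        $1 == "" || seen[$1]++  { bad = 1 }     # empty or duplicate login
        $3 !~ /^[0-9]+$/        { bad = 1 }     # UID must be numeric
        $4 !~ /^[0-9]+$/        { bad = 1 }     # GID must be numeric
        $1 == "root" && $3 == "0" { root = 1 }  # root must keep UID 0
        END { exit (bad || !root) }
    ' "$1"
}

# push_file FILE HOST: copy under a temporary name, then rename, so a
# broken transfer never leaves a half-written file in place.
# BatchMode=yes makes ssh/scp fail at once rather than ask for a password.
push_file() {
    scp -q -o BatchMode=yes "$1" "$2:$1.new" &&
    ssh -o BatchMode=yes "$2" "chmod 644 '$1.new' && mv '$1.new' '$1'"
}

# Runs only when SYNC_HOSTS is set, e.g. SYNC_HOSTS="boxb boxc" sh sync.sh
if [ -n "${SYNC_HOSTS:-}" ]; then
    if ! validate_passwd /etc/passwd; then
        echo "refusing to push: /etc/passwd failed checks" >&2
        exit 1
    fi
    for h in $SYNC_HOSTS; do
        push_file /etc/passwd "$h" || echo "push to $h failed" >&2
    done
fi
```

The mode 644 in push_file fits /etc/passwd only; /etc/shadow needs tighter permissions and would have to travel with it to keep the two files consistent.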
2

I would perhaps look at something like Puppet to automate the syncing of the passwd/group/hosts file. You might want to also look at Webmin, which has a cluster sync feature that might fit your needs also. Using an authorized_keys file will work with scp, but you'll have to manually write the scripts, and track any errors that would occur.

LDAP is the modern way to go to centralize passwd/group/host information, but the time investment would be greater than NIS, so it probably doesn't fit your need.

SteveM
2

Setting up the NIS Master is about two pages, including lists of the files used. Setting up NIS clients is less than one page (executive summary: run 'ypinit -c'). This will really be the simplest way to go, and will be in common with 98% of Solaris shops.

alanc
mpez0
0

Use scp with .ssh/authorized_keys. Then scp will not ask for a password. You can easily google for it.

osgx