5

I'm setting up a smallish network of Centos servers (less than 10) and I'd like to have common logins on all of them as well as network mapped home directories.

I used to work with Solaris quite a bit and the setup I used was NIS and NFS. NIS to get common logins everywhere and NFS to network map home directories.

Is this the best way to go for a new Linux network or are there better options?

Edit:

I can't say definitively that this network won't ever have a Windows server on it but its likely to stay pure Linux. Ease of setup/use is my top concern. Its a development environment that should be easy to work with.

JR Lawhorne
  • 1,221
  • 2
  • 11
  • 12

1 Answers1

4

If you're certain that you'll ever only have *nix machines on your network, then this is a good solution. If you anticipate having to support other clients, though (OSX, windows, etc), then you may want to use an LDAP directory for authentication and authorization. If you want the most secure solution, then use MIT Kerberos for authentication, LDAP for authorization (UID/GID, home directory, shell, etc.) then use NFS for your homes.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • Is LDAP as easy as NIS to set up? I edited the original question to respond to yours. – JR Lawhorne Feb 06 '10 at 19:52
  • LDAP isn't too difficult, but if you've never worked with it, there will be a bit of a learning curve. If you're familiar with NIS and you're sure you'll stay 100% Linux, then I'd say just stick with NIS. – EEAA Feb 06 '10 at 20:20
  • Windows can be a NIS Server (vie Microsoft Services for Unix), but not a NIS client. – voretaq7 Feb 06 '10 at 20:57
  • 1
    NFS related note - Make sure all your NFS clients are doing soft mounts or you will experience the NFS Failure Syndrome (the NFS Server goes down and all your other machines go with it) – voretaq7 Feb 06 '10 at 20:59
  • 1
    @voretaq7 Don't use "soft" mounts if at all possible! From the nfs mount manpage: "NB: A so-called "soft" timeout can cause silent data corruption in certain cases. As such, use the soft option only when client responsiveness is more important than data integrity. Using NFS over TCP or increasing the value of the retrans option may mitigate some of the risks of using the soft option." – David Gardner Aug 06 '12 at 11:29
  • 1
    @DavidGardner Given the choice between the (relatively low) chance of data corruption or the (virtually guaranteed) chance of my system hanging if the NFS server goes down, I will go with the option that does not require a site visit to reboot the dead machine(s). Your circumstances may of course be different -- e.g. your datacenter may not be an hour away -- 3 with traffic. (Maybe I've been exceedingly lucky, but I've never had a corruption issue with soft mounts. I have had 3 AM calls because of NFS Failure Syndrome) – voretaq7 Aug 06 '12 at 15:14