Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've got a number of Linux/Mac OS X/UNIX/Windows machines I would like to authenticate in a consistent way. Currently some of them use NIS, though, and some have outdated OS's.
LDAP is clearly a good way moving forward, however the question is: if I want to have NIS and LDAP with the same user info, is that possible? Is it possible to keep them in sync via some sort of an established procedure? Has that been done? How?
I suggest that you should standardize on one or the other, and not attempt to keep them in sync.
Obviously, if you do find it necessary to use both, you need to designate one of these two as being "the (one and only...) authority." You will need to find an appropriate mechanism by which updates to one are immediately slaved to the other, such that only one of the two must be maintained. Obviously, there are compelling advantages in not having to do that.
LDAP (nee Open Directory) is a very widely accepted standard, and I would suggest going to the necessary effort to getting all of the computers in your shop to conform to it. Even "older" OSes should offer LDAP support. You might have to reconfigure some things, but this should be very manageable without "throwing the baby out with the bathwater."
I suggest that you should step back, look at all of your systems' present state, and determine exactly what would need to be done to each one to bring it up to standard. (You'll also need to reconcile the various "authorities" to be certain that they do, in fact, convey "one, and only one 'truth.'") Then, look for ways to deploy the necessary configuration changes to as many systems as possible "automagically," i.e. (to quote a really dreadful country song...) "this ain't no thinkin' thang." Carefully develop a conversion project-plan, troubleshoot it before beginning, then execute it.
Last edited by sundialsvcs; 11-04-2011 at 03:02 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.