f



coordinating users between systems

Is this still the current version
http://docs.oracle.com/cd/E19626-01/820-0386/index.html

Got a few zones and a few PC's I'd like to coordinate usernames across...

....man, I got off easy: in 20 years I never did user support or mail administration...

--
joe
0
Joe
12/8/2016 7:42:09 PM
comp.unix.solaris 26025 articles. 2 followers. Post Follow

11 Replies
442 Views

Similar Articles

[PageSpeed] 56

If you're not opposed to a 3rd party solution Centrify does a good job of authentication and authorization.
You have to learn a moderate amount of Active Directory and Windows DC, DNS though.

Regards, Scott
0
Scott
12/9/2016 4:30:56 AM
On Thursday, December 8, 2016 at 10:30:59 PM UTC-6, Scott wrote:
> If you're not opposed to a 3rd party solution Centrify does a good job of authentication and authorization.
> You have to learn a moderate amount of Active Directory and Windows DC, DNS though.

Thanks, but this is for my home network, I don't need full blown identity mgmt, I just need to coordinate usernames/ids/passwords across a dozen, mostly virtual, hosts.
0
Joe
12/9/2016 1:59:09 PM
Joe Reid <downtownhippie@gmail.com> writes:
>On Thursday, December 8, 2016 at 10:30:59 PM UTC-6, Scott wrote:
>> If you're not opposed to a 3rd party solution Centrify does a good job of authentication and authorization.
>> You have to learn a moderate amount of Active Directory and Windows DC, DNS though.

>Thanks, but this is for my home network, I don't need full blown identity mgmt, I just need to coordinate usernames/ids/passwords across a dozen, mostly virtual, hosts.

The Java IDS system you first wrote about is pretty heavy duty, much
heavier than AD or Centrify or much else. That project actually lives
on long beyond Sun/Oracle as OpenAM sustained by Forgerock.org.

For ease of use, and lightweightness, if not all that secure, NIS
still works well in a mixed *nix environment. Its hard to beat as a
simple system that maintains common UIDs, passwords, etc. And just
about every *nix still supports NIS out of the box.

I'd say that the majority of people now-a-days though would use some
sort of database for just that service. Ie. many daemons like FTP can hold
users in a database to be authenticated from different pools of machines. 

The same database may be folded into use by RADIUS or email, or
whatever else you want to get going as well. 

An alternative (not one I like, but is commonly used) is OpenLDAP,
as many things let you do LDAP authentication build into their daemons. 
Windows Active Directory works pretty well as well as an identity
source, but that is more specialized in a *nix environment.

But from your comments, I'd think NIS would be the best fit if "modern"
security isn't a requirement.



-- 
Doug McIntyre
doug@themcintyres.us
0
Doug
12/9/2016 6:54:50 PM
In article <MvydnT5l1NJnYNfFnZ2dnUU7-UPNnZ2d@giganews.com>,
Doug McIntyre  <merlyn@dork.geeks.org> wrote:
>Windows Active Directory works pretty well as well as an identity
>source, but that is more specialized in a *nix environment.

Samba AD builds on OmniOS and presumably Solaris.
<URL:https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller>

John
groenveld@acm.org
0
groenvel
12/9/2016 7:07:27 PM
On Friday, December 9, 2016 at 12:54:57 PM UTC-6, Doug McIntyre wrote:
> But from your comments, I'd think NIS would be the best fit if "modern"
> security isn't a requirement.

thanks for the commentary.  In all honestly I was probably just looking to see if NIS was still the obvious solution when the requirements are such, yep.

thanks.

--
joe
0
Joe
12/9/2016 8:36:04 PM
In article <90cf7eb3-fd7a-4cbc-96cb-adb6ada8fc31@googlegroups.com>,
	Joe Reid <downtownhippie@gmail.com> writes:
> On Friday, December 9, 2016 at 12:54:57 PM UTC-6, Doug McIntyre wrote:
>> But from your comments, I'd think NIS would be the best fit if "modern"
>> security isn't a requirement.
> 
> thanks for the commentary.  In all honestly I was probably just looking to see if NIS was still the obvious solution when the requirements are such, yep.

Yes, NIS is the 10 second solution for a small unix network,
where you don't have any high security requirements.
I don't think Solaris 11 supports being a NIS server anymore
though (which is really silly in my view).

-- 
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]
0
andrew
12/10/2016 7:19:31 PM
On 10/12/2016 19:19, Andrew Gabriel wrote:
> In article <90cf7eb3-fd7a-4cbc-96cb-adb6ada8fc31@googlegroups.com>,
> 	Joe Reid <downtownhippie@gmail.com> writes:
>> On Friday, December 9, 2016 at 12:54:57 PM UTC-6, Doug McIntyre wrote:
>>> But from your comments, I'd think NIS would be the best fit if "modern"
>>> security isn't a requirement.
>>
>> thanks for the commentary.  In all honestly I was probably just looking to see if NIS was still the obvious solution when the requirements are such, yep.
> 
> Yes, NIS is the 10 second solution for a small unix network,
> where you don't have any high security requirements.
> I don't think Solaris 11 supports being a NIS server anymore
> though (which is really silly in my view).
> 

I think I read that somewhere as well, you can always set up the NIS
server in a S1 branded zone :-)



-- 
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
0
YTC
12/10/2016 9:56:36 PM
andrew@cucumber.demon.co.uk (Andrew Gabriel) writes:

>In article <90cf7eb3-fd7a-4cbc-96cb-adb6ada8fc31@googlegroups.com>,
>	Joe Reid <downtownhippie@gmail.com> writes:
>> On Friday, December 9, 2016 at 12:54:57 PM UTC-6, Doug McIntyre wrote:
>>> But from your comments, I'd think NIS would be the best fit if "modern"
>>> security isn't a requirement.
>> 
>> thanks for the commentary.  In all honestly I was probably just looking to see if NIS was still the obvious solution when the requirements are such, yep.

>Yes, NIS is the 10 second solution for a small unix network,
>where you don't have any high security requirements.
>I don't think Solaris 11 supports being a NIS server anymore
>though (which is really silly in my view).

Considering we still ship ypserv as part of Solaris 11, I would
think we still support it.

Casper
0
Casper
12/12/2016 7:05:10 AM
On 09/12/2016 18:54, Doug McIntyre wrote:
> Joe Reid <downtownhippie@gmail.com> writes:
>> On Thursday, December 8, 2016 at 10:30:59 PM UTC-6, Scott wrote:
>>> If you're not opposed to a 3rd party solution Centrify does a good job of authentication and authorization.
>>> You have to learn a moderate amount of Active Directory and Windows DC, DNS though.
>
>> Thanks, but this is for my home network, I don't need full blown identity mgmt, I just need to coordinate usernames/ids/passwords across a dozen, mostly virtual, hosts.
>
> The Java IDS system you first wrote about is pretty heavy duty, much
> heavier than AD or Centrify or much else. That project actually lives
> on long beyond Sun/Oracle as OpenAM sustained by Forgerock.org.

FWIW I don't think that project became OpenAM as OpenAM is (high level 
view) aimed at protecting resources like web sites. Forgerock also have 
OpenDJ (LDAP) and OpenIDM (identity management/sync).

I suspect the best way to manage accounts across Unix *and* Windows is 
to go the Windows route and use AD. For a Unix-only solution NIS or LDAP 
(NB OpenLDAP definitely isn't the only option, see above!) is relatively 
easy.

-- 
Chris
0
Chris
12/12/2016 8:17:00 AM
On 12/12/2016 07:05, Casper H.S. Dik wrote:
> andrew@cucumber.demon.co.uk (Andrew Gabriel) writes:
> 
>> In article <90cf7eb3-fd7a-4cbc-96cb-adb6ada8fc31@googlegroups.com>,
>> 	Joe Reid <downtownhippie@gmail.com> writes:
>>> On Friday, December 9, 2016 at 12:54:57 PM UTC-6, Doug McIntyre wrote:
>>>> But from your comments, I'd think NIS would be the best fit if "modern"
>>>> security isn't a requirement.
>>>
>>> thanks for the commentary.  In all honestly I was probably just looking to see if NIS was still the obvious solution when the requirements are such, yep.
> 
>> Yes, NIS is the 10 second solution for a small unix network,
>> where you don't have any high security requirements.
>> I don't think Solaris 11 supports being a NIS server anymore
>> though (which is really silly in my view).
> 
> Considering we still ship ypserv as part of Solaris 11, I would
> think we still support it.
<digs more>
Oh, ok, pkg info ypserv shows it exists as part of the nis pkg.
But although nis is installed on my system, ypserv does not exist in
/usr/lib/netsvc/yp and pkg fix says nothing wrong.

Also nis/server does not exist
</dm>

So forgive us for suggesting it is no longer supported :-)
(I'm sure it is/was slated for removal at some point)

<reads some more>
Ah, it is NISplus that has been removed :-)
I only ever installed that twice, the 2nd time was because the customer
moved the server and changed the IP address......
</rm>



-- 
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
0
YTC
12/12/2016 10:17:06 AM
On Monday, December 12, 2016 at 4:17:10 AM UTC-6, YTC#1 wrote:
> <reads some more>
> Ah, it is NISplus that has been removed :-)
> I only ever installed that twice, the 2nd time was because the customer
> moved the server and changed the IP address......
> </rm>

Yeah, I setup NIS+ once too, for the BMG CD club back in '95.  did it's
job: users/groups/etc over subnetted networks...

Appreciate the discussion and info, looks like I'll be setting up an
NIS zone.

--
joe
happy holidays
0
Joe
12/12/2016 4:17:26 PM
Reply: