topic Re: NIS and Trusted Mode in Operating System - HP-UX

NIS and Trusted Mode

Anthony deRito — Tue, 20 Nov 2001 21:23:13 GMT

To those of you who have converted from non-trusted to trusted and needed to find a replacement for NIS, what did you use?

Re: NIS and Trusted Mode

Sridhar Bhaskarla — Tue, 20 Nov 2001 21:25:03 GMT

LDAP

Re: NIS and Trusted Mode

Sanjay_6 — Tue, 20 Nov 2001 21:27:54 GMT

Hi Anthony,

Though i'm not using NIS, but i think NIS+ is the way to go if you have trusted system.

http://us-support.external.hp.com/cki/bin/doc.pl/sid=1c13687f1756845913/screen=ckiDisplayDocument?docId=400000000010771

http://us-support.external.hp.com/cki/bin/doc.pl/sid=1c13687f1756845913/screen=ckiDisplayDocument?docId=200000024645981

Hope this helps.

Regds

Re: NIS and Trusted Mode

A. Clay Stephenson — Tue, 20 Nov 2001 22:02:00 GMT

Easy, use NIS+. The bad news is that NIS+ is very different from NIS in terms of configuration.

Re: NIS and Trusted Mode

Anthony deRito — Wed, 21 Nov 2001 16:18:01 GMT

Sridhar, did you use HP's LDAP-UX Client Services or HP's NIS/LDAP Gateway? If none, whose software did you use? If you used LDAP-UX Client Services, which of the following functionality did you select:

NSS_LDAP (Name Service Switch)
PAM_LDAP (Pluggable Authentication Module)
LDAP Access Profile

Sanjay, thanks for the links!

Clay, what makes NIS+ so difficult to manage? Are there any difficulties implementing it or are the difficulties encountered when managing it?

Any other responses welcomed (and rewarded).

Tony

Re: NIS and Trusted Mode

A. Clay Stephenson — Wed, 21 Nov 2001 16:37:21 GMT

Hi Tony:

I didn't say that NIS+ is more difficult but rather that it is different. Moreover, your NIS knowlegde won't help that much. Many of the concepts are the same but the methods are different. Just as a simple example, all of the old yp* commands are gone and are replaced with nis*. More serious is how the data/maps are stored has changed. For example, to backup your NIS+ master maps you have to dump them to flat files and then back them up. As another example, the NIS+ namespace is hierarchical rather than flat is the NIS world. You can create a separate namespace for each department and manage them separately. NIS+ is definitely better than NIS; it's just different. For what it's worth, I wouldn't consider running a bunch of servers without it.

You can get a pretty good understanding of the differences by reading 'Installing and Administering NFS Services' (B1031-90042). You mighr consider attending an NIS+ class; it's really that different.

Clay

Re: NIS and Trusted Mode

Edward Finneran — Fri, 04 Jan 2002 21:15:26 GMT

in response to a recent query to the response center, the answer
was that the ldap-ux functionality was not supported on a trusted system.

Have other folks received a different answer to that question?
Are people actually doing it?

We've opened a business case with HP, since we want to move to a
centralized, LDAP-resident security model across all of our UNIX operating systems, but we're not willing to turn off trusted systems and have all our encrypted password go back into the /etc/passwd for all the users to see.

Re: NIS and Trusted Mode

Anthony deRito — Mon, 07 Jan 2002 15:40:06 GMT

Good point Edward... please let me know what you find out.

Tony

Re: NIS and Trusted Mode

Sergey Nikolaev — Mon, 04 Feb 2002 19:41:19 GMT

Hi, I am trying to use LDAP-UX
in trusted mode on HP-UX 11.0.
It doesn't work for me. Can it be made to work?

Sergey

Re: NIS and Trusted Mode

Sridhar Bhaskarla — Mon, 04 Feb 2002 19:51:06 GMT

Hi Sergey,

Initially we had a project to move to LDAP before and we scrapped it later as we couldn't get LDAP working over trusted as well due to the problem with different versions of Solaris at our site. And the official word from HP itself is that LDAP is not supported on Trusted systems if it is still correct.

-Sri