On Mon, Nov 5, 2018 at 7:33 PM Grant Taylor via TUHS <tuhs@minnie.tuhs.org> wrote:
[snip]
Translation:  What is the current Unix (Linux) method to provide central
user directory / authentication for about a dozen Unix (Linux / Solaris
/ *BSD / AIX) systems /without/ a Windows Server in the mix.  I don't
own a license for any version of Windows Server that supports AD.  Nor
do I feel compelled to buy one.

On small networks, I eventually jettisoned YP/LDAP et al in favor of flat text files in a directory tree on an NFS server. All clients mounted that and every n minutes cron ran a script that sync'ed important files on each host. We were already using Kerberized NFS everywhere; this eliminated the directory service as another point of failure. Since passwords were in the Kerberos master, I didn't care about the contents of /etc/passwd, though I used make and cpp to generate "ACL" files that drove a script that generated /etc/passwd on each host so that e.g., normal users couldn't log into the NFS server; not because I cared about them logging in but rather because I didn't want them running real programs there and slowing it down.

Root was probably the only account with an actual password in /etc/{shadow,master.passwd} but that was explicitly chosen with enough entropy that if someone got the hash and ran Crack or John the Ripper or whatever against it they were only going to succeed in generating lots of heat.

If I only got a dozen or so systems, that's what I'd do again. Setting up an LDAP schema probably isn't worth the complexity; NIS would be the only other realistic option and it's just not secure enough in this day and age. Setting up a KDC and an NFS server is much easier.

        - Dan C.
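The per-host /etc/passwd generation described in the post, written out as an added example (this is not Dan C.'s script, which the post does not include). The file layout, the ACL format (one permitted username per line), the sample accounts, the ROOT_HASH_PLACEHOLDER and the convention of writing `*` in the password field for user accounts (so only root has a locally usable hash, authentication being left to Kerberos) are all assumptions made for the example:

```shell
#!/bin/sh
# Added example (not from the original post): build a host-specific
# /etc/passwd from a central master user list plus a per-host "ACL"
# of permitted logins. File names and sample data are constructed.

WORK=$(mktemp -d)

# Constructed master list of every user account (passwd(5) format).
cat > "$WORK/users.master" <<'EOF'
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:x:1003:1003:Carol:/home/carol:/bin/sh
EOF

# Constructed system accounts present on every host. Root's real hash
# would live here; it is a placeholder in this example.
cat > "$WORK/system.base" <<'EOF'
root:ROOT_HASH_PLACEHOLDER:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
EOF

# Constructed per-host ACLs: one username per line, '#' starts a comment.
# The NFS server's ACL names nobody, so only root can log in there.
mkdir -p "$WORK/acl"
printf 'alice\nbob\n' > "$WORK/acl/ws1"
printf '# no user logins on the NFS server\n' > "$WORK/acl/nfs1"

# gen_passwd HOST: print the /etc/passwd contents for HOST.
# System accounts pass through unchanged; user accounts appear only if
# named in the host's ACL, and their password field is replaced by '*'
# because authentication is done by Kerberos, not by local hashes.
gen_passwd() {
    host=$1
    acl="$WORK/acl/$host"
    [ -f "$acl" ] || { echo "no ACL for $host" >&2; return 1; }
    cat "$WORK/system.base"
    grep -v '^#' "$acl" | grep -v '^$' | sort -u | while read -r user; do
        awk -F: -v u="$user" -v OFS=: '$1 == u { $2 = "*"; print }' \
            "$WORK/users.master"
    done
}

# count_logins HOST: number of accounts on HOST whose shell is not
# a nologin shell, i.e. accounts that can actually get an interactive
# session on that machine.
count_logins() {
    gen_passwd "$1" | awk -F: '$7 !~ /nologin$/' | wc -l | tr -d ' '
}

# Stand-alone usage: show what the workstation and the NFS server get.
gen_passwd ws1
echo "---"
gen_passwd nfs1
```

In the setup the post describes, a cron job on each host would run something like `gen_passwd "$(hostname)" > /etc/passwd.new && mv /etc/passwd.new /etc/passwd` against the NFS-mounted tree; the ACL files themselves would be produced by make and cpp rather than written by hand as they are here.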