[TUHS] YP / NIS / NIS+ / LDAP

[Robert Brockway]

On Sun, 4 Nov 2018, Grant Taylor via TUHS wrote:

> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central 
> directory on Unix?

I used NIS a lot in the 90s and early 2000s.  I think it continues to be 
underrated.  The main gripe people had was lack of security but if all of 
the hosts were in the same security domain anyway it wouldn't matter. 
Integrated very well with NFS on Solaris & Linux for me back in the day.

NIS+ is awful.  Let us not speak of it again.

I did a lot of LDAP around 2007-2010.  I got quite good at writing 
filters as we were using for a lot more than juse user auth.

Most installations I'm seeing today auth to AD, which is of course now 
supported.

> I'm contemplating playing with them for historical reasons.
>
> As such, I'm wondering what the current evolution is for a pure Unix 
> environment.  Read:  No Active Directory.  Is there a current central 
> directory service for Unix (or Linux)?  If so, what is it?

In my experience LDAP is preferred in a pure *nix environment these days. 
I've never played much with Kerberos.

There is another option that is largely ignored...

Increasingly *nix systems are managed through orchestration tools like 
Puppet or Ansible.  One option is to build the user account details from 
an AD or LDAP backend on the orchestration server and write it out 
locally on the *nix boxes.  The *nix boxes just auth locally but still 
gain the benefit of dynamically managed users.  There are advantages and 
disavantages of this outside the scope of this list.

Cheers,

Rob