Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
On Fri, Mar 30, 2001 at 10:38:11AM +1000, Matthew Palmer wrote:
> > The way I've set things up in the past is this. Account access /
> > authentication over a network done over LDAP - you can get a PAM module
> > which plugs in, and then you just pop all the account information into
>
> I can say from experience that LDAP auth is *not* a lightweight solution
> when running on Access Space's hardware. I've implemented it here in the
> IEEE lab, and the server is running on a 486. Logins can take up to 40
> seconds to complete. Not a pretty sight.
40 seconds?!?!? In my experience, LDAP has _always_ beaten the pants off of anything it's been put against. Have you tried an ldapsearch from the command line to verify it's actually taking that long for slap to find the information? I would be *really* surprised if it was actually taking that long to pull information out of the database... even big databases .. but, that said, I've never tried it on such hardware, so I'm willing to accept that could be. I'd be really interested to know the bottleneck though - I would assume it's not CPU?
> That said, LDAP is *much* sexier, so if there's a Pentium lying around not
> doing an awful lot (say a dedicated server that users don't have login
> rights to) you could probably get it running fast enough, and with the
> addition of nscd (which you should have going already, running NIS) it can
> be sped up sufficiently.
LDAP rocks :-) It can add an extra layer of complexity though - I've seen people who have their nsswitch suitably bonkered, and have big dns loops (i.e., search ldap! ldap - who is x.x.com? ldap - I have no idea! I'll look it up!.. ad infinitum), and understanding all that o=my company,dn=this person nonsense is quite off-putting, but it is soooo cool..
> Argh! OpenAFS to the rescue.
>
> My dream system is LDAP for the account info, Kerberos for the
> authentication, and AFS for the home directories.
Is OpenAFS stable enough for that kind of nonsense yet though?? I generally wouldn't use something unless it was in the mainline kernel, but, I suppose it's definitely worth a play - it certainly doesn't look shoddy, that's for sure, and probably beats the pants off of NFS (not hard :)
> LDAP is a relatively easy technology to make happen. The concepts are
> tough, but the servers are pretty easy to make happen.
Yeah, even replication is a doddle, it's just the schema that are horrendous :)
Cheers,
Alex.
PS. Next post will be wordwrapped, I promise....