[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] AccessSpace NIS (lots of Q's)
Hi All,
Thanks for your input into the redesign of the system at Access Space.
Here's my reactions and observations so far - and a stack of
what-does-this-actually mean-type dumb questions. Am I getting the
wrong end of the stick, or does our emerging proto-plan seem like it
might work?
NFS ====>
We don't seem to have much trouble with NFS on its own. Maybe I'm
missing something, but NFS _seems_ entirely stable. It's the NIS
that's a pain in the r*ctum. Have we just been lucky with NFS?
What sorts of problems usually manifest themselves with NFS? Should
we stick with it, or bite the bullet and go for OpenAFS?
NIS ====>
Argh! I hate those binary config databases, and all of that remaking
of them every time you have to add a new user. Basically, I don't
like any config files that aren't plain text. (I don't trus what I
can't see!)
Does LDAP have plain text config files? If it does, hell, I'm in
favour, even if they are complex!
LDAP ====>
We've just been given a load (16) of 166-200mhz Pentiums with 32mB
RAM. Do you reckon they'd be beefy enough to run LDAP without too
much logon lag?
PAM ====>
I don't really understand the relationship between PAM and LDAP. (If
there is one...) What are "Pluggable Authentication Modules"? Are
they the bits of data served out by LDAP? I'm struggling. Please help!
SMB ====>
We have a Samba print server running which we (sort of) understand.
Hell, it works! It's clearly within our powers to learn this sort of
thing, but I don't want to flail around researching stuff when its
inappropriate for our purposes. (That's why I'm asking all of these
dumb questions).
What advantages might there be of running Samba over NFS in
preference to just plain NFS for remote directory mounting? Could we
run Samba over OpenAFS? Why?
What about print servers? Which is best, Samba, plain remote
printers, or some other system? (Remember, think "lightweight"!).
OpenAFS ====>
Does this work as a pretty-much direct alternative to NFS? (i.e.
Server daemon with permissions set in a config file, Client daemon
readily available and lightweight, so it's pretty much fire & forget?)
If yes and yes, and there are significant advantages over NFS, then
where do I get it? Now, now, now! ;-)
Kerberos =====>
What is it?
I think I get that (in layman's terms) LDAP is a "permissions
server", but what is Kerberos? A secure protocol for communicating to
an LDAP server? Will we need this if we're only logging on to
accounts from machines inside the space? Why? (Please let your
paranoia run wild if you're so inclined).
That's all for now! ====>
So, there's a load of questions. At the moment the provisional plan
is to Firewall and IP MASQ with a freestanding box, not address DNS
serving inside the network at all (yet) except with a caching Proxy
(more dumb DNS questions later...), get an LDAP server running on a
freestanding box and use either plain NFS, Open AFS or Samba over NFS
to mount remote directories on another freestanding box. Then the
idea is to have 100% redundancy, with cold backups for everything.
Not very clever, but robust.
Only once we've done that will we look at hot backups - but that's
another story. We need to know what we need, first.
Cheers,
James
=====
--
who: James Wallbank
org: Redundant Technology Initiative
tel: +44 114 2495522
fax: +44 114 2495533
eml: rti [at] lowtech.org
web: www.lowtech.org
loc: Access Space
1 Sidney Street
Sheffield
S1 4RG
UK
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.