
Re: NIS And /home Dirs On Client Systems



In article <200504082021.23883.hal@thresholddigital.com>,
Hal Vaughan  <hal@thresholddigital.com> wrote:
>On Friday 08 April 2005 07:38 pm, Miquel van Smoorenburg wrote:
>> In article <42570EBB.6000601@familiasanchez.net>,
>>
>> Roberto C. Sanchez <roberto@familiasanchez.net> wrote:
>> >Hal Vaughan wrote:
>> >> I noticed, a few years ago, when I first set up an NIS server, that even
>> >> though the NIS clients get the full password files, that doesn't mean
>> >> home directories are automatically created for that user.  I wrote my
>> >> own Perl util that reads the passwd file with 'ypcat passwd', then gets
>> >> the names, makes the home dirs, and chowns them.
>> >>
>> >> Now, while setting up new systems, I'm wondering: Is this a flaw in NIS,
>> >> or what?  How do others handle it?  Is there something else to handle
>> >> this I don't know about?
>> >
>> If you don't want shared homedirs, just automatic creation of
>> a homedir if it doesn't exist, read up on pam_mkhomedir.
>
>That was my thinking -- I don't want a shared /home mount.  (Eventually, when 
>I have more boxen, and employees, I'll be using LTSP and that will be a 
>different story.)  I can see how it would be nice, so I could log on 
>anywhere on the LAN and have the same /home dir, but there are reasons I 
>don't want that on some boxen.  I just checked to see if pam_mkhomedir was on 
>my system -- I'd think it'd be included with NIS (I didn't even find it with 
>apt-cache search), and possibly set to go off when the NIS passwd file 
>changes.  It sounds like it does the same thing as my Perl script.

On my sarge system, it's in libpam-modules.

>The biggest reason for my asking is that none of the NIS Howtos I've read, 
>and neither the Redhat nor Debian Linux books (Debian GNU/Linux Unleashed and 
>Redhat Linux Unleashed) said a single thing about this issue.  It just seems 
>to me like "the dirty little secret of NIS" that I had to solve myself, and I 
>figured others had either run into it or there was one or more "standard" 
>solution(s).  I was wondering what other people's experiences were with this 
>issue.

Well the thing is, NIS is just a directory service of sorts.
All that it is, client side, is a network based key/value
lookup service, nothing more. Creating homedirs on the fly is
out of scope for NIS.

Pam_mkhomedir doesn't have anything to do with NIS, either. It's
just a PAM module that creates a user's homedir when they log in
if it doesn't exist yet.

That's why pam_mkhomedir cannot change a homedir if the NIS map
changes since it doesn't know about NIS at all.

And in fact NIS clients don't know about changes in the NIS
map, either, since the NIS map isn't present on the client.

And even if you ran a NIS slave server on each client so that
you did get updates pushed to you by the NIS master server,
then it'd still be pretty much impossible to trigger actions
on changes in a NIS map since NIS updates are always full,
there are no deltas. The protocol is not like "hey, field
x in map y changed", it's "map y changed, here's a new one".

That's why most sites use NIS and NFS together, so that password
files and homedirs can be managed centrally (but separately).

Mike.


