[OpenAFS] AFS client over NIS

Neulinger, Nathan nneul@umr.edu
Tue, 19 Feb 2002 07:26:31 -0600


> I have used a system where we maintained a single master
> /afs/@cell/common/etc/passwd and used a crontab job to
> merge this with local /etc/passwd on selected client machines.
> The merge only took place if the "master" file was newer than
> /usr/local/etc/passwd (local replica).
>=20
> This worked well and had the performance benefit of being
> able to lookup /etc/passwd from a local file. It is also robust
> because the local file read access is not impacted by network
> problems etc.

I have only seen a performance benefit from local password files in the
rare cases:

1. Crappy netgroup handling on linux (it doesn't used the
netgroup.byuser map, and indexes through all the component netgrops), if
you have lots of netgroups on a machine (or huge netgroups), this can be
slow, but it's similar in speed to file access.=20
2. Tiny password files for servers (only 5-10 userids)

For everything else, NIS will scream past a local password file.

Perhaps systems using nscd or similar will perform better, but I didn't
think that got used for local pw files.=20

> A question  to ask is: how many login ids do I need on each client?
>=20
> Generally, it is much easier to place "master" files in /afs
> rather than serve them via NIS.

True, but if you have 300+ unix machines, all with different membership
lists, you're creating a nightmare if you try to maintain all the
password files in AFS, and every time you have a new user, 300 files
likely need updated and pushed out to machines. Yuck.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216