[OpenAFS] AFS client over NIS

Neulinger, Nathan nneul@umr.edu
Tue, 19 Feb 2002 09:23:47 -0600 

> -----Original Message-----
> From: Paul Blackburn [mailto:mpb@est.ibm.com]=20
> Sent: Tuesday, February 19, 2002 8:25 AM
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] AFS client over NIS
>=20
>=20
> Neulinger, Nathan wrote:
>=20
> >>I have used a system where we maintained a single master
> >>/afs/@cell/common/etc/passwd and used a crontab job to
> >>merge this with local /etc/passwd on selected client machines.
> >>The merge only took place if the "master" file was newer than
> >>/usr/local/etc/passwd (local replica).
> >>
> >>This worked well and had the performance benefit of being
> >>able to lookup /etc/passwd from a local file. It is also robust
> >>because the local file read access is not impacted by network
> >>problems etc.
> >>
> >
> >I have only seen a performance benefit from local password=20
> files in the
> >rare cases:
> >
> >1. Crappy netgroup handling on linux (it doesn't used the
> >netgroup.byuser map, and indexes through all the component=20
> netgrops), if
> >you have lots of netgroups on a machine (or huge netgroups),=20
> this can be
> >slow, but it's similar in speed to file access.=20
> >2. Tiny password files for servers (only 5-10 userids)
> >
> >For everything else, NIS will scream past a local password file.
> >
> >Perhaps systems using nscd or similar will perform better,=20
> but I didn't
> >think that got used for local pw files.=20
> >
>=20
> In our case, using AIX, the process for re-generating the=20
> local /etc/passwd
> used mkpasswd which (as stated in the man page):
> "Organizes the basic user database for efficient searches."
>=20

Ah... That's using something other than plaintext /etc/passwd... I seem
to remember that. It's like /etc/passwd.db or similar. In that case,
yes, you'd see a huge performance boost cause it's doing a hash lookup
in a dbm file. Most systems though do not have DBM format password
databases.=20

And yeah, I agree with your comments - you definately don't need to have
NIS to use AFS, but it sure makes some things alot easier if you're
doing a large number of machines.=20

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216