[comp.unix.wizards] The Yellow Pages service for a "distributed passwd file"

tamir@ucla-cs.UUCP (04/16/87)

Sun's Yellow Pages service seems like a reasonable solution
to the problem of managing accounts on a large number of machines.
However, over the past year I have seen several messages on
the net implying that there were serious problems with
the Yellow Pages and that many people have decided not to use
this service.  There are, of course, many people who are using it.

I would like to know what are the major problems with the use
of the Yellow Pages service for managing accounts on
a large number of machines.
I am particularly interested in hearing from people who had
the possibility of using the Yellow Pages service but decided against it.
Other comments (positive & negative) on the subject would be welcome as well.

If I get interesting responses, I will post a summary.

			   Yuval Tamir

Internet: tamir@cs.ucla.edu
    UUCP: ...!{ihnp4,ucbvax,sdcrdcf,trwspp,randvax,ism780}!ucla-cs!tamir

tamir@CS.UCLA.EDU (04/23/87)

In article <5541@shemp.UCLA.EDU> I wrote:
>Sun's Yellow Pages service seems like a reasonable solution
>to the problem of managing accounts on a large number of machines.
>However, over the past year I have seen several messages on
>the net implying that there were serious problems with
>the Yellow Pages and that many people have decided not to use
>this service.  There are, of course, many people who are using it.
>
>I would like to know what are the major problems with the use
>of the Yellow Pages service for managing accounts on
>a large number of machines.
>I am particularly interested in hearing from people who had
>the possibility of using the Yellow Pages service but decided against it.
>Other comments (positive & negative) on the subject would be welcome as well.

It looks like there are some real problems with the Yellow Pages.
The responses I got are attached below.
I am interested in receiving additional responses. I will
post another summary on the net if I receive more useful information.

			   Yuval Tamir

Internet: tamir@cs.ucla.edu
    UUCP: ...!{ihnp4,ucbvax,sdcrdcf,trwspp,randvax,ism780}!ucla-cs!tamir

------------------------------------------------------------

My guess is that the greatest trouble with the Yellow Pages approach is
in retrofitting a unified userid scheme into an existing collection
of machines.

We introduced Yellow Pages to systems whose password files were
already in alignment and are having no problems.

------------------------------------------------------------

yp is fine for giving machines access to data such as /etc/passwd
or /etc/hosts remotely.  The problems as I see it are in generating
the data in the first place, not in accessing it once it is in place.
There is no interactive update procedure.  There is a separate
program to change your password which rebuilds the database and 
then rcp's it to all the hosts.  As far as I can recall, other
changes like chfn don't work at all.  This may or may not bother
you.  yp itself works.  The issue is whether it gives you all the
facilities you need to manage your systems.

------------------------------------------------------------

We are currently using yellow pages on a system with 3 file servers
and 30 clients. In addition, there is another server with 4 clients
on the yellow pages domain.

Problems:
	We don't know how to turn off yellow pages for specific functions.
	ex. The yellow pages master has the ethernet addresses for all the
	clients. We see no reason for this.

	Security is rather fragile. Twice I've had a database corrupted
	when someone at a non-master server tried to update his own
	machine. That machine became master with an incomplete database.

	Apparently, anyone with root access can bring down the yellow
	pages service. Since we are running a network with the machines
	owned by several research groups, this will probably become a
	larger problem.

	Yellow pages does not guarantee to keep the order of a
	database. This has caused us some troubles with the host
	tables of gateways.

I have been under some pressure to turn off yp. I am slowly moving in
that direction.

------------------------------------------------------------

	We have a couple VAXen, about 30 68000s running our version of UNIX,
and several Suns.  All run NFS, but only the Suns run YP.  Part of the reason
is historical:  our experiences with YP 2.0 (the version shipped with SunOS
2.0) were abysmal.  YP 2.0 was quite buggy.  YP 3.0 is much better, but still
not something that we can have a lot of confidence in.  Here are the problems
we've seen:

	-  it's huge:  programs that previously had quite modest aspirations
	   are now giants.  Here's an example:

		/usr/bin/id: 14508 + 1174 + 5992 = 21674	(without YP)
		/usr/bin/id: 37706 + 6734 + 13138 = 57578	(with YP)

	-  it's slow.  Sun can get away with this because their machines are
	   quite fast, but putting a YP server on a moderately loaded machine
	   is painful (for its clients).

	-  error handling is not adequate:  password lookup routines are not
	   something the average UNIX program expects to fail (or hang).

	-  it's not transparent

	On the other hand, it's there.  If you have a network that's large
enough to require a complex name server and stable enough that you can rely
on always being able to find a server in time of need, it does a reasonable
job.
------------------------------------------------------------