ken@gvax.cs.cornell.edu (Ken Birman) (11/14/89)
I'm probably not the best person to answer this question in terms of our environment, but all the staff here at CIS has some familiarity with YP in our environment. Here's the result of a 'ypcat passwd | wc': 2223 5785 162645 So it's clear that we have a few accounts. YP as defined from Sun suffers from several problems, but the largest is indeed the problem of updating database data-at this point we only run updates every half hour, rather than updating everything whenever someone changes their password, as it takes about 1/2 hour at this point. (We have around 20-25 servers, so it takes a while...) It seems to me that dbm is totally inappropriate for this kind of thing, and I would hope that anybody talking about making a YP replacement would consider some other database system. It is especially necessary that one be able to change/delete/replace lines in the password file without totally redistributing the file. And YP is not terribly secure; as supplied by Sun, with a little work it is possible to set up your own YP server on your local client and set up a fake password database. I guess my answer to your question would a solid NO. We've had many problems with the system, mainly implementation bugs, but the whole YP premise seems flawed. The idea of having a distributed database for administration seems good, but YP isn't it. Of course, my views are my own, and not those of The Ohio State University... Bob -- Remember, kids, there's evil people out there.... bomb radar genetic Marxist NSA Uzi assassination Barbie Bush manson@cis.ohio-state.edu