Forum: Cfengine Help Subject: Re: YP NIS netgroup Author: davidlee Link to topic: https://cfengine.com/forum/read.php?3,21635,21656#msg-21656
A note of caution. At my previous workplace, we successfully ran cfengine v2, and had been using such NIS/YP from the hosts aspects of "netgroup" maps to determine group/class membership. But we then suffered a nasty little incident in which an important machine (Linux, I think) somehow lost its NIS/YP binding, resulting in the host-based class membership changing (as cfengine v2 continued to work even though the binding had gone) resulting in an unwanted change to a vital part of that host's system configuration. Not nice. So we adjusted our cfengine policy from that point onwards. Despite the apparent ideal of using NIS/YP to steer cfengine (and so not having to replicate NIS/YP information within cfengine) we ended up taking the more pragmatic approach of avoiding this mechanism, and we instead replicated that netgroup information in cfengine. (In our case the overall size of the host/netgroup data was small enough to make the awkwardness of such repetition manageable.) _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
