Forum: Cfengine Help
Subject: Re: YP NIS netgroup
Author: jonb1987
Link to topic: https://cfengine.com/forum/read.php?3,21635,21659#msg-21659

davidlee Wrote:
-------------------------------------------------------
> A note of caution. At my previous workplace, we
> successfully ran cfengine v2, and had been using
> such NIS/YP from the hosts aspects of "netgroup"
> maps to determine group/class membership.
>
> But we then suffered a nasty little incident in
> which an important machine (Linux, I think)
> somehow lost its NIS/YP binding, resulting in the
> host-based class membership changing (as cfengine
> v2 continued to work even though the binding had
> gone) resulting in an unwanted change to a vital
> part of that host's system configuration. Not
> nice.
>
> So we adjusted our cfengine policy from that point
> onwards. Despite the apparent ideal of using
> NIS/YP to steer cfengine (and so not having to
> replicate NIS/YP information within cfengine) we
> ended up taking the more pragmatic approach of
> avoiding this mechanism, and we instead replicated
> that netgroup information in cfengine. (In our
> case the overall size of the host/netgroup data
> was small enough to make the awkwardness of such
> repetition manageable.)

Interesting point. I guess the right solution is for the nis database on the nis server to be updated via cfengine also!
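
The failure mode described in the quoted note, as an added illustration that is not part of the original thread and is not cfengine code: it models a lost binding as a lookup error and contrasts reading that error as "not a member" with holding the last known-good classes. All names (`DirectoryUnavailable`, `SAMPLE_MAP`, the lookup functions) are hypothetical and the netgroup data is constructed.

```python
from enum import Enum

class Membership(Enum):
    MEMBER = 1
    NOT_MEMBER = 2
    UNKNOWN = 3  # directory unreachable: neither a yes nor a no

class DirectoryUnavailable(Exception):
    """Hypothetical error a lookup backend raises when it has no NIS binding."""

# Constructed sample data standing in for a netgroup map.
SAMPLE_MAP = {"dbservers": {"db01"}, "webservers": {"web01"}}

def bound_lookup(host, netgroup):
    return host in SAMPLE_MAP.get(netgroup, set())

def unbound_lookup(host, netgroup):
    raise DirectoryUnavailable("no NIS binding")

def fail_open_classes(host, netgroups, lookup):
    """Models the incident: a failed lookup is read as 'not a member'."""
    classes = set()
    for ng in netgroups:
        try:
            if lookup(host, ng):
                classes.add(ng)
        except DirectoryUnavailable:
            pass  # the class silently disappears from this run
    return classes

def membership(host, netgroup, lookup):
    try:
        return Membership.MEMBER if lookup(host, netgroup) else Membership.NOT_MEMBER
    except DirectoryUnavailable:
        return Membership.UNKNOWN

def fail_closed_classes(host, netgroups, lookup, last_known_good):
    """Return (classes, trusted). Any UNKNOWN answer keeps the last
    known-good classes and marks the result untrusted, so the caller
    can skip configuration changes for this run."""
    results = {ng: membership(host, ng, lookup) for ng in netgroups}
    if Membership.UNKNOWN in results.values():
        return set(last_known_good), False
    return {ng for ng, m in results.items() if m is Membership.MEMBER}, True
```
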