t> Or you can use different group names with the same gid and everything will t> work fine. This is what we do. ;) We use NIS for everything.
The degeneracy state of group.bygid map should be causing you subtle problems somewhere. The 1k limit is inherent in the NDBM code that NIS relies on. You can change this limit and recompile if you have access to the source for libc/ypbind/ypserv/ndbm on ALL platforms you support but that is a major pain in the ass.
Is netapp planning to support LDAP based access to passwd, group, etc... at some point[1]? Solaris and Linux have been able to do this for a while and RedHat 6.1 even comes with the packages. It doesn't suffer that limit and purports to perform better[2].
Rob
1. I realize that this would be an un-official word on the toasters list.
2. I have not tested this myself yet. The traditional NIS server is single threaded and really slow. LDAP parsing and record searching is a more expensive process than a simple NDBM lookup but the server should perform better against multiple clients.
On Sat, 16 Oct 1999, Robert L. Millner wrote:
t> Or you can use different group names with the same gid and everything will t> work fine. This is what we do. ;) We use NIS for everything.
The degeneracy state of group.bygid map should be causing you subtle problems somewhere.
You are correct, the group.bygid is broken, but to my knowledge very few applications use the group.bygid to look up users belonging to a particular group. We don't have any problems with it that I know of, and the scheme operates for many years.
Tom
tkaczma@gryf.net wrote:
On Sat, 16 Oct 1999, Robert L. Millner wrote:
t> Or you can use different group names with the same gid and everything will t> work fine. This is what we do. ;) We use NIS for everything.
The degeneracy state of group.bygid map should be causing you subtle problems somewhere.
You are correct, the group.bygid is broken, but to my knowledge very few applications use the group.bygid to look up users belonging to a particular group. We don't have any problems with it that I know of, and the scheme operates for many years.
Tom
We are using the same mecanism at TI France and we don't have any problem. About max number of group limitation, you can change the system NGROUPS MAX default value, but it is not supported by SUN to my knowledge.
Johnny
# cat /usr/include/limits.h | grep NGROUPS #define NGROUPS_MAX 16 /* max number of groups for a user */
# cat /usr/include/sys/param.h | grep NGROUPS * configurable parameter NGROUPS_MAX. #define NGROUPS_UMIN 0 #define NGROUPS_UMAX 32 * NGROUPS_MAX_DEFAULT: *MUST* match NGROUPS_MAX value in limits.h. #define NGROUPS_MAX_DEFAULT 16
-
Johnny Jolivet -
Robert L. Millner -
tkaczma@gryf.net