UNIX System Administration Handbook - Evi Nemeth [317]
The other option is to integrate LDAP support into your C library so that LDAP can be listed in the /etc/nsswitch.conf file like any other data source. PADL provides a freeware package called nss_ldap that will allow you to do this, although as with any change to standard libraries, the degree of meddling required is above average. There is also a pam_ldap package that allows you to use LDAP with pluggable authentication modules.
1. Though the old version disappears from the filesystem namespace, it continues to exist until all references have been released. You must also be aware of this effect when managing log files. See page 206 for more information.
2. Although the password is not sent in plaintext across the network, the transferred files are not encrypted. If you use ssh as the transport (rsync -gopt -e ssh /etc/passwd /etc/shadow lollipop:/etc – note the single colon), the connection will be encrypted, but sshd will have to be configured not to require a password. Name your poison!
3. Do not confuse NIS domains with DNS domains. They are completely separate and have nothing to do with one another.
4. NIS commands such as ypinit and ypserv are often hidden away in nonstandard directories. Check the man pages to find the location on your particular system.
19 Electronic Mail
When we first tackled the job of updating this chapter for the third edition of this book, we thought it would be pretty easy. Not much has changed in 5 years: a couple of security patches, some new spam control features, and the obsolescence of IDA sendmail. But we were wrong.
Electronic mail was important then, but now it is absolutely essential to both business and personal communication. Many of the recent changes in sendmail respond to the scaling and flexibility issues faced by ISPs with millions of email-hungry customers. Spam has inspired additional changes and increasingly stringent enforcement of the existing rules. The IETF has been busy issuing new email-related RFCs. And hackers have been busy beating on any system that trusts user-supplied content to be reasonable and follow the rules. Both email and the web fall into this category.
Email has introduced some interesting social behavior. It seems to be less formal than paper, and people therefore tend to say more directly what they mean and feel. It is also somehow less personal and more removed than voice contact, so rage and frustration sometimes emerge. Email flame wars result, in which two people fire off messages they would never speak aloud or write on paper to each other.
For example, one of our users was easily upset and had a habit of abusing the administrators regularly. The only defense seemed to be to save his messages and send them back to him a few weeks later when he had cooled down. He was appalled at the things he had committed to print.
Another social aspect of email that has become prevalent in the last few years is unsolicited commercial email, colloquially called spam, the junk mail of the Internet. Sending email on the Internet is cheap—much cheaper than buying postage stamps. The sender is typically billed a flat rate, so it costs the same to send one message as to send 25 million. But to the ISP who must provide enough bandwidth to handle the influx of spam—estimated to be as much as 30% of the incoming mail at America Online—spam is certainly not free. Attempts to control spam through laws and the courts have so far had minimal success. Technical solutions in the form of mail filters have been more effective. We cover the current state of the art in spam fighting starting on page 595.
The sheer bulk of this