LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-27-2004, 09:42 AM   #1
elbe3321
LQ Newbie
 
Registered: Feb 2003
Posts: 17

Rep: Reputation: 0
NIS versus LDAP/Kerberos


Hi,

I have just heard that LDAP/Kerberos could be an alternative to NIS.
Which is more secure?
Is LDAP/Kerberos more difficult to implement than NIS?

elbe
 
Old 08-27-2004, 02:07 PM   #2
chenry3
LQ Newbie
 
Registered: Aug 2004
Location: seatle, wa
Posts: 5

Rep: Reputation: 0
Elbe3321 -

We used to run NIS in my department, until 1 of our user accounts was compromised... With nis it is possible for 1 client to grab the entire yppasswd file including password hashes. Once this guy had 1 account, he was able to run a md5 cracker and get the password of all 400 users... We ended up randomly generating password for everyone as well as replacing our server (SuckIT was installed). This was a huge nightmare... In addition to being able to grab the passwd file containg the hashes, ypbind sends passwords in clear text - def. a HUGE security risk this day in age... They revised nis to NIS+ which actually encrypts data between clients, but i've still heard bad things aboiut it - I would recommend ldap/kerberos over nis... we are still in the process of implementing ldap to replace our once nis network


-Chris
 
Old 08-27-2004, 02:58 PM   #3
mhiggins
Member
 
Registered: Feb 2004
Posts: 140

Rep: Reputation: 15
NIS+ solves most of the above problems mentioned, as for weak passwords, they can't be avoided, some sales droid is always going to use something stupid like "password" which can be brute forced. With that said LDAP is still the way to go ! It is much more versatile and is truly multi use. Your dir can be integrated into a windows AD as well as be a mail/contact dir, and server to auth and provided resource locations to your *NIX boxen.

A note though, setting up LDAP/Kerb is not for the faint of heart, im not saying you can't do it just give your self some time. Bellow are some links I picked up allong the way.

http://www.padl.com/Contents/OpenSourceSoftware.html

http://diradmin.open-it.org/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kerberos NIS Domain/realm confusion PDock Linux - Networking 0 11-28-2005 07:13 AM
Configuring NIS with Kerberos kaplan71 Linux - Networking 0 11-16-2005 09:48 AM
Active Directory, Kerberos, LDAP, PAM, and nsswitch PenguinPwrdBox Linux - Security 1 06-04-2005 09:56 PM
Fedora, cyrus imap / sasl, Kerberos, LDAP rhoekstra Linux - Security 0 01-26-2005 03:48 AM
tutorial on samba + ldap + kerberos coolamit78 Linux - Networking 1 06-10-2004 01:00 PM


All times are GMT -5. The time now is 01:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration