Did you know LQ has a Linux Hardware Compatibility List?
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 08-27-2004, 10:42 AM   #1
LQ Newbie
Registered: Feb 2003
Posts: 17

Rep: Reputation: 0
NIS versus LDAP/Kerberos


I have just heard that LDAP/Kerberos could be an alternative to NIS.
Which is more secure?
Is LDAP/Kerberos more difficult to implement than NIS?

Old 08-27-2004, 03:07 PM   #2
LQ Newbie
Registered: Aug 2004
Location: seatle, wa
Posts: 5

Rep: Reputation: 0
Elbe3321 -

We used to run NIS in my department, until 1 of our user accounts was compromised... With nis it is possible for 1 client to grab the entire yppasswd file including password hashes. Once this guy had 1 account, he was able to run a md5 cracker and get the password of all 400 users... We ended up randomly generating password for everyone as well as replacing our server (SuckIT was installed). This was a huge nightmare... In addition to being able to grab the passwd file containg the hashes, ypbind sends passwords in clear text - def. a HUGE security risk this day in age... They revised nis to NIS+ which actually encrypts data between clients, but i've still heard bad things aboiut it - I would recommend ldap/kerberos over nis... we are still in the process of implementing ldap to replace our once nis network

Old 08-27-2004, 03:58 PM   #3
Registered: Feb 2004
Posts: 140

Rep: Reputation: 15
NIS+ solves most of the above problems mentioned, as for weak passwords, they can't be avoided, some sales droid is always going to use something stupid like "password" which can be brute forced. With that said LDAP is still the way to go ! It is much more versatile and is truly multi use. Your dir can be integrated into a windows AD as well as be a mail/contact dir, and server to auth and provided resource locations to your *NIX boxen.

A note though, setting up LDAP/Kerb is not for the faint of heart, im not saying you can't do it just give your self some time. Bellow are some links I picked up allong the way.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Kerberos NIS Domain/realm confusion PDock Linux - Networking 0 11-28-2005 08:13 AM
Configuring NIS with Kerberos kaplan71 Linux - Networking 0 11-16-2005 10:48 AM
Active Directory, Kerberos, LDAP, PAM, and nsswitch PenguinPwrdBox Linux - Security 1 06-04-2005 10:56 PM
Fedora, cyrus imap / sasl, Kerberos, LDAP rhoekstra Linux - Security 0 01-26-2005 04:48 AM
tutorial on samba + ldap + kerberos coolamit78 Linux - Networking 1 06-10-2004 02:00 PM

All times are GMT -5. The time now is 03:08 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration