NIS and Security
 

hi all.

i've been twiddling around with linux for a year or so now to good effect (nameservers, spamfilters, webfilters etc.)

we're looking to make a lab at work to run alongside or windows network demonstrating whether or not we could run with it in certain departments to save some money and hopefully provide a more flexible network platform (what i've read about openafs looks extremely versatile).

my first objective was to create a remote user account and home share to simplify admin of users, which i did easily with nfs and nis. i've read some discouraging reports about the security of this though, and would appreciate anyones experiences of other means of authentication & how 'elegant' they are to set up and running! :D

i also realise that sometimes security problems aren't really problems at all, just in the wrong hands they could be- so is nis actually ok? (broadly speaking of course)

look forward to any opinions you might have

tia

john

Its been a while since I did NIS and I've never done it in Linux.

NIS itself was thought of as fairly insecure but NIS+ came out to address some of the security aspects of NIS. Hopefully Linux is doing NIS+ - maybe doing some googling for that in combination with Linux will give you some answers.

Doing that google myself led to:
http://tldp.org/HOWTO/NIS-HOWTO/which.html

Within that I find the following quote:

"3.3. NIS or NIS+ ?
The choice between NIS and NIS+ is easy - use NIS+ only if you have severe security needs. NIS+ is much more problematic to administer (it's pretty easy to handle on the client side, but the server side is horrible). Another problem is that the support for NIS+ under Linux contains a lot of bugs and that the development has stopped."

The above doc also talks about NYS which is a new one on me. Looks like it may be a worthwhile read for your purposes. The link to it came from www.linuxsecurity.com