NIS and Security
hi all.
i've been twiddling around with linux for a year or so now to good effect (nameservers, spamfilters, webfilters etc.) we're looking to make a lab at work to run alongside or windows network demonstrating whether or not we could run with it in certain departments to save some money and hopefully provide a more flexible network platform (what i've read about openafs looks extremely versatile). my first objective was to create a remote user account and home share to simplify admin of users, which i did easily with nfs and nis. i've read some discouraging reports about the security of this though, and would appreciate anyones experiences of other means of authentication & how 'elegant' they are to set up and running! :D i also realise that sometimes security problems aren't really problems at all, just in the wrong hands they could be- so is nis actually ok? (broadly speaking of course) look forward to any opinions you might have tia john |
Its been a while since I did NIS and I've never done it in Linux.
NIS itself was thought of as fairly insecure but NIS+ came out to address some of the security aspects of NIS. Hopefully Linux is doing NIS+ - maybe doing some googling for that in combination with Linux will give you some answers. Doing that google myself led to: http://tldp.org/HOWTO/NIS-HOWTO/which.html Within that I find the following quote: "3.3. NIS or NIS+ ? The choice between NIS and NIS+ is easy - use NIS+ only if you have severe security needs. NIS+ is much more problematic to administer (it's pretty easy to handle on the client side, but the server side is horrible). Another problem is that the support for NIS+ under Linux contains a lot of bugs and that the development has stopped." The above doc also talks about NYS which is a new one on me. Looks like it may be a worthwhile read for your purposes. The link to it came from www.linuxsecurity.com |
All times are GMT -5. The time now is 02:32 PM. |