Re: PAM and LinuxRouter questions

From: Paul Lussier <pll@mclinux.com>
To: Charles Clancy <security@xauth.net>
Date: Fri, 18 Jan 2002 09:09:32 -0500


In a message dated: Wed, 16 Jan 2002 19:48:59 CST
Charles Clancy said:

>I suggest getting a good book on NIS (perhaps NSS and PAM too).

Does one exist? The only one I know of is the O'Reilly NIS/NFS book,
which is good, but very geared towards Sun environments (although
rumor has it that it's recently been updated).

>I also suggest you use ANYTHING but NIS. NIS+ and LDAP are infinitely
>better when it comes to the security aspects of name service.

From a security perspective, I'll grant you that NIS is horrible, but
from a management perspective, NIS+ and LDAP appear to be a lot worse.
That, and AFAIK, there is no NIS+ implementation for Linux.
Besides, why would you *want* to use something which the developers
themselves (Sun) have all but abandoned and don't use?

As far as LDAP? I keep hearing that it's the next best thing, but
there don't seem to be many tools for using it in a large-scale
enterprise environment. There are some out there, but it seems that
they're slow in coming. And man is that record format overly verbose
and tedious to deal with!

Nah, even for all its insecurities, I like NIS. It's easy to deal
with and simple to manage. And if you really need the security, then
just use something like rdist or rsync to push around the
passwd/shadow maps. If you're in an all Linux/Unix environment, it's
trivial to create a sysVinit script that pulls down the most recent
files at boot time.

-- 

Seeya, Paul ----

God Bless America!

If you're not having fun, you're not doing it right!

...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon
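
Added example, not part of the original message: when passwd/shadow files are pulled from a master at boot as the reply suggests, a truncated or altered copy can lock out root or add a second UID 0 account, so the files should be validated before they replace the live ones. The function names, staging layout and sample accounts below are assumptions, and the fetch step itself is left out.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the pulled candidate
# files are already in a staging directory; the fetch itself is out of scope.

# passwd: 7 fields per line, numeric UID, root present, root is the only UID 0.
check_passwd() {
    awk -F: '
        NF != 7 || $3 !~ /^[0-9]+$/   { bad = 1 }
        $3 ~ /^0+$/ && $1 != "root"   { bad = 1 }
        $3 ~ /^0+$/ && $1 == "root"   { root = 1 }
        END { exit (bad || !root) }
    ' "$1"
}

# shadow: 9 fields per line and a root entry.
check_shadow() {
    awk -F: '
        NF != 9       { bad = 1 }
        $1 == "root"  { root = 1 }
        END { exit (bad || !root) }
    ' "$1"
}

# install_maps STAGE DEST: validate both files, then replace DEST/passwd and
# DEST/shadow by rename so a reader never sees a half-written file.
install_maps() (
    stage=$1 dest=$2
    check_passwd "$stage/passwd" || { echo "passwd rejected" >&2; exit 1; }
    check_shadow "$stage/shadow" || { echo "shadow rejected" >&2; exit 1; }
    umask 077   # temporary copies are never group/world readable
    cp "$stage/passwd" "$dest/passwd.new" &&
    cp "$stage/shadow" "$dest/shadow.new" &&
    chmod 644 "$dest/passwd.new" && chmod 600 "$dest/shadow.new" &&
    mv "$dest/shadow.new" "$dest/shadow" &&
    mv "$dest/passwd.new" "$dest/passwd"
)

# Constructed sample data in a scratch directory (nothing under /etc is touched).
demo=$(mktemp -d) && mkdir "$demo/stage" "$demo/etc"
printf 'root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n' > "$demo/stage/passwd"
printf 'root:!:19000:0:99999:7:::\nalice:!:19000:0:99999:7:::\n' > "$demo/stage/shadow"
install_maps "$demo/stage" "$demo/etc" && echo "installed into $demo/etc"
```

In a boot script the destination would be /etc and the staging directory wherever the pull step writes; a rejected pull leaves the previous files in place.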


