Re: nis : how to avoid user1 becoming user2 using local root ?

From: Frank Burkhardt (fbo2_at_gmx.net)
Date: 03/31/04

  • Next message: Brian Hatch: "Re: nis : how to avoid user1 becoming user2 using local root ?" 
    Date: Wed, 31 Mar 2004 19:16:46 +0200
To: focus-linux@securityfocus.com

    Hi,

    On Tue, Mar 30, 2004 at 09:00:12AM -0500, Frederic Medery wrote:
    > first thanks for all you great imput !!!
    >
    > How can ldap help me ? We want to migrate from nis to ldap /kerberos
    > this year.

    LDAP can't help you. It's not NIS' fault that local superusers can su
    to everyone. The problem is the NFS-server trusting UIDs on remote
    computers.

    You need a different network filesystem. Personally I prefer AFS ( see
    www.openafs.org ). It's a bit difficult to configure but that's compensated
    by the ease of maintanance.

    Cheers,

    Frank

  • Next message: Brian Hatch: "Re: nis : how to avoid user1 becoming user2 using local root ?"

    Relevant Pages

    • Re: Directory Server LDAP/LDIF import - working yet not working???
      ... I then generated LDIF files from the /etc files on our NIS ... > 10,000-foot understanding of LDAP. ... > I already downloaded the various LDAP BluePrints and Directory Server ...
      (comp.unix.solaris)
    • Directory Server LDAP/LDIF import - working yet not working???
      ... We currently have NIS and are looking to get rid of NIS completely in ... I then generated LDIF files from the /etc files on our NIS ... 10,000-foot understanding of LDAP. ... This is to be nothing more than importing /etc/passwd (and ...
      (comp.unix.solaris)
    • Re: Solaris 9 naming services
      ... Just my own experience with the Solaris implementations of NIS, ... and the Iplanet/SunONE LDAP server. ... it's hard to know what the folks at the conference ...
      (comp.unix.solaris)
    • Re: Solaris 9 naming services
      ... Just my own experience with the Solaris implementations of NIS, ... and the Iplanet/SunONE LDAP server. ... it's hard to know what the folks at the conference ...
      (comp.sys.sun.admin)
    • Summary: NIS+ and LDAP - Single sign on
      ... The overwhelming response was that NIS+ is proprietary and that Sun will not ... The majority of the responses indicate that LDAP is the way to go. ... I mainly need this for authentication (login ... Everybody is going LDAP these days: Sun, ...
      (SunManagers)