Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)

From: Vladimir Ivanov (VIvanov@tee.toshiba.de)
Date: 08/29/01


Message-ID: <3B8CA7D1.7BD8773A@tee.toshiba.de>
Date: Wed, 29 Aug 2001 10:29:05 +0200
From: Vladimir Ivanov <VIvanov@tee.toshiba.de>
To: FOCUS-SUN@securityfocus.com
Subject: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)


> > What about other RPC-based services? NIS, NIS+, rpc.rstatd ?
> > Or all applications need to be rewritten with new API?
>
> NIS no - it doesn't even use AUTH_DH (aka AUTH_DES).
> NIS+ kind of yes. It does use RPCSEC_GSS but only for dh640-0 and
> dh1024-0. It can't be used to use Kerberos.

Are there plans for doing this? I think no one is taking care of NIS now,
but maybe NIS+?

Or is SUN going to promote LDAP as the main name/directory service for
Solaris?
For now there is a possibility for pam_unix to store passwords on
LDAP, but this makes things no better than just NIS. Also there is
pam_ldap, but as far as I understand this is even worse.

AFAIK there is also NIS+ for HP-UX and (client-only) for Linux.
Does anyone know how compatible these implementations are with the SUN
implementation of NIS+?

-- 
Vladimir Ivanov                      
System Administrator                 E-Mail:  VIvanov@tee.toshiba.de
Toshiba Electronics Europe GmbH      Tel/Fax: +49-211-5296-297/386