Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)

From: Vladimir Ivanov (VIvanov@tee.toshiba.de)
Date: 08/29/01

• Previous message: Darren J Moffat: "Re: RPCSEC_GSS and NIS etc"
• In reply to: Darren J Moffat: "Re: RPCSEC_GSS and NIS etc"
• Next in thread: Darren Moffat: "Re: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)"
• Reply: Darren Moffat: "Re: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3B8CA7D1.7BD8773A@tee.toshiba.de>
Date: Wed, 29 Aug 2001 10:29:05 +0200
From: Vladimir Ivanov <VIvanov@tee.toshiba.de>
To: FOCUS-SUN@securityfocus.com
Subject: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)

> > What about other RPC-based services? NIS, NIS+, rpc.rstatd ?
> > Or all applications need to be rewritten with new API?
>
> NIS no - it doesn't even use AUTH_DH (aka AUTH_DES).
> NIS+ kind of yes. It does use RPCSEC_GSS but only for dh640-0 and
> dh1024-0. It can't be used to used Kerberos.

Is there plans for doing this? I think no one is taking care of NIS now,
but may be NIS+?

Or SUN is going to promote LDAP as main name/directory service for
Solaris?
For now there is a possibility for pam_unix to store passwords on
ldap, but this makes things not better than just NIS. Also there is
pam_ldap,
but as far as i understand this is even worse.

AFAIK there is also NIS+ for HP-UX and (client-only) for Linux,
does anyone knows how are these implementations compatible to SUN
implementation of NIS+?

-- 
Vladimir Ivanov                      
System Administrator                 E-Mail:  VIvanov@tee.toshiba.de
Toshiba Electronics Europe GmbH      Tel/Fax: +49-211-5296-297/386

---

• Previous message: Darren J Moffat: "Re: RPCSEC_GSS and NIS etc"
• In reply to: Darren J Moffat: "Re: RPCSEC_GSS and NIS etc"
• Next in thread: Darren Moffat: "Re: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)"
• Reply: Darren Moffat: "Re: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Summary: NIS+ and LDAP - Single sign on ... The overwhelming response was that NIS+ is proprietary and that Sun will not ... The majority of the responses indicate that LDAP is the way to go. ... I mainly need this for authentication (login ... Everybody is going LDAP these days: Sun, ... (SunManagers) Re: Hardening NIS+ ... are you aware that Sun has already announced EOL for NIS+ ... > Solaris and supporting them as Sun products. ... > I haven't seen a Solaris 9 install or if they've made using LDAP with PAM ... (Focus-SUN) I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ... (comp.unix.questions) I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ... (comp.unix.questions) I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ... (comp.sys.sun.admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-sun  > 2001-08