Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)

From: Vladimir Ivanov (VIvanov@tee.toshiba.de)
Date: 08/29/01


Message-ID: <3B8CA7D1.7BD8773A@tee.toshiba.de>
Date: Wed, 29 Aug 2001 10:29:05 +0200
From: Vladimir Ivanov <VIvanov@tee.toshiba.de>
To: FOCUS-SUN@securityfocus.com
Subject: Secure name service for Solaris (was: RPCSEC_GSS and NIS etc)


> > What about other RPC-based services? NIS, NIS+, rpc.rstatd ?
> > Or all applications need to be rewritten with new API?
>
> NIS no - it doesn't even use AUTH_DH (aka AUTH_DES).
> NIS+ kind of yes. It does use RPCSEC_GSS but only for dh640-0 and
> dh1024-0. It can't be used to used Kerberos.

Is there plans for doing this? I think no one is taking care of NIS now,
but may be NIS+?

Or SUN is going to promote LDAP as main name/directory service for
Solaris?
For now there is a possibility for pam_unix to store passwords on
ldap, but this makes things not better than just NIS. Also there is
pam_ldap,
but as far as i understand this is even worse.

AFAIK there is also NIS+ for HP-UX and (client-only) for Linux,
does anyone knows how are these implementations compatible to SUN
implementation of NIS+?

-- 
Vladimir Ivanov                      
System Administrator                 E-Mail:  VIvanov@tee.toshiba.de
Toshiba Electronics Europe GmbH      Tel/Fax: +49-211-5296-297/386



Relevant Pages

  • Summary: NIS+ and LDAP - Single sign on
    ... The overwhelming response was that NIS+ is proprietary and that Sun will not ... The majority of the responses indicate that LDAP is the way to go. ... I mainly need this for authentication (login ... Everybody is going LDAP these days: Sun, ...
    (SunManagers)
  • Re: Hardening NIS+
    ... are you aware that Sun has already announced EOL for NIS+ ... > Solaris and supporting them as Sun products. ... > I haven't seen a Solaris 9 install or if they've made using LDAP with PAM ...
    (Focus-SUN)
  • I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password
    ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ...
    (comp.unix.solaris)
  • I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password
    ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ...
    (comp.unix.questions)
  • I can not su to root on my Sun Solaris 9 (SPARC) box, even with the correct password
    ... I used the correct root password but still am not able to ... I have the following configured and running on my Sun box. ... I am using NIS / YP for my authentication and this Sun box is ... NOT neither running as an NIS master nor as an NIS slave server. ...
    (comp.unix.questions)