On 2018-03-26, Leon Fauster <leonfauster at googlemail.com> wrote:> > Quite time ago we had a stripped setup here working only with Openldap and > PAM modules. LDAP with replication for redundancy, centralized communication > with local CA and over TLS. It worked very well. The successor of such setup > is SSSD for EL7 but the above should be still a feasible solution.Likely an even longer time ago, I did an even more stripped down version of this, where I just set up an OpenLDAP server, used their tools to import from our existing NIS to it, and ran it unencrypted (all the hosts were either on the same switch or over VPN so having no encryption on the network channel was less of a concern). It was fairly straightforward, and I imagine that nowadays, setting up TLS for slapd and clients is probably fairly straightforward too. I wonder how much support there is for NIS any more in recent distros. Is it possible CentOS 7 doesn't support NIS, or does but is buggy? --keith -- kkeller at wombat.san-francisco.ca.us
Nicolas Kovacs
2018-Mar-29 07:38 UTC
[CentOS] How insecure is NIS ? Possible alternatives ?
Le 29/03/2018 ? 06:44, Keith Keller a ?crit :> I wonder how much support there is for NIS any more in recent > distros. Is it possible CentOS 7 doesn't support NIS, or does but is > buggy?I'm planning to test this very soon, probably during the next week, and I'll report back. Cheers from another ex-Slackware user who migrated to CentOS. :o) Niki -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info at microlinux.fr T?l. : 04 66 63 10 32
rainer at ultra-secure.de
2018-Mar-29 07:43 UTC
[CentOS] How insecure is NIS ? Possible alternatives ?
Am 2018-03-29 09:38, schrieb Nicolas Kovacs:> Le 29/03/2018 ? 06:44, Keith Keller a ?crit : >> I wonder how much support there is for NIS any more in recent >> distros. Is it possible CentOS 7 doesn't support NIS, or does but is >> buggy? > > I'm planning to test this very soon, probably during the next week, and > I'll report back. > > Cheers from another ex-Slackware user who migrated to CentOS. :o) > > NikiAccording to this: https://access.redhat.com/solutions/7247 it's still possibly.
Andreas Haumer
2018-Mar-29 07:57 UTC
[CentOS] How insecure is NIS ? Possible alternatives ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Am 29.03.2018 um 09:38 schrieb Nicolas Kovacs:> Le 29/03/2018 ? 06:44, Keith Keller a ?crit : >> I wonder how much support there is for NIS any more in recent distros. Is it possible CentOS 7 doesn't support NIS, or does but is buggy? > > I'm planning to test this very soon, probably during the next week, and I'll report back. >We are using the OpenLDAP + pam_ldap / sssd solution in several smaller networks (up to ~40 Linux clients), but I think it should scale well for larger networks, too. The OpenLDAP solution can also support Samba as domain controller, if you have to support windows clients, too. - From that point on we usually integrate other services like an IMAP server (we use Cyrus IMAP), groupware server (we use SOGo) and many other services which suport LDAP authentication. You can apply LDAP password policies, too. We use GOSa (or it's successor FusionDirectory, see https://www.fusiondirectory.org/) as web frontend, so the users can change their passwords, mail settings etc. on their own (if they are given the rights to do so) With all that you get a nice, easy to manage, well integrated and secure network with a central authentication service all with open source software! It should run with almost all modern linux distributions, even mixed together in the same network. HTH - - andreas - -- Andreas Haumer | mailto:andreas at xss.co.at *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iD8DBQFavJxYxJmyeGcXPhERAokrAKC1czb7l/AWaLZSDJ4g+VlIBN0IIQCgm7Iv p5hn8aLp32GA4mJ49RXqp8A=s0/Q -----END PGP SIGNATURE-----
Nicolas Kovacs
2018-Mar-31 10:01 UTC
[CentOS] How insecure is NIS ? Possible alternatives ?
Le 29/03/2018 ? 06:44, Keith Keller a ?crit :> I wonder how much support there is for NIS any more in recent > distros. Is it possible CentOS 7 doesn't support NIS, or does but is > buggy?I fiddled around with it for a few days, and I can say that NIS is still perfectly supported under CentOS 7. https://blog.microlinux.fr/serveur-nis-centos/ https://blog.microlinux.fr/client-nis-centos/ Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info at microlinux.fr T?l. : 04 66 63 10 32