Hey Y'all,

I found this:

https://www.server-world.info/en/note?os=CentOS_8&p=nis&f=1

I've been told in the past that NIS should not be used because of some supposed security issues.

Can someone cite any authoritative documentation concerning the security issues extant in NIS?

My plan is to set up NIS and NFS on my home network server where I plan to host all the local home network /home directories. I'll use automount on all the other nodes to mount up the home directories when a user logs on.

-- 
Mark LaPierre

On 06/12/2020 at 16:35, Mark LaPierre wrote:
> I've been told in the past that NIS should not be used because of some supposed
> security issues.
>
> Can someone cite any authoritative documentation concerning the security issues
> extant in NIS?
>
> My plan is to set up NIS and NFS on my home network server where I plan to host
> all the local home network /home directories. I'll use automount on all the
> other nodes to mount up the home directories when a user logs on.

The main problem with NIS is that logins and passwords circulate in clear-text over the network.

I've written a detailed blog article about NIS on CentOS 7. Should work similarly on CentOS 8, since NIS didn't really evolve since:

https://blog.microlinux.fr/serveur-nis-centos-7/

A secure alternative that's not much more difficult to set up is 389 Directory Server:

https://blog.microlinux.fr/389-ds-centos-7/

This one works differently on CentOS 8 though.

Cheers,

Niki

-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Website: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info at microlinux.fr
Tel.: 04 66 63 10 32
Mob.: 06 51 80 12 12

> I found this:
>
> https://www.server-world.info/en/note?os=CentOS_8&p=nis&f=1
>
> I've been told in the past that NIS should not be used because of some
> supposed security issues.
>
> Can someone cite any authoritative documentation concerning the security
> issues extant in NIS?

There's a lot of documentation out there. Basically YP/NIS transmits everything over the network in plain text, including password hashes. Combined with no authentication/authorisation mechanism, out of the box NIS will give your password hashes to anyone who asks for them. Clearly once a username/password hash has been discovered, it's only a matter of time before a password is found.

NIS+ is very different in that it is much more security aware, but consequently much more complex.

> My plan is to set up NIS and NFS on my home network server where I plan
> to host all the local home network /home directories. I'll use
> automount on all the other nodes to mount up the home directories when a
> user logs on.

If you have a fully private network, then the security issues are not so bad. It still has its place in things like clusters, but even then it is being superseded by LDAP.

If you are setting up a system from scratch, then you really should be looking at using LDAP, it's not that difficult and there are plenty of tools around to help you manage it all.

P.