On 12/6/20 11:21 AM, Pete Biggs wrote:>>
>> I found this:
>>
>> https://www.server-world.info/en/note?os=CentOS_8&p=nis&f=1
>>
>> I've been told in the past that NIS should not be used because of
some
>> supposed security issues.
>>
>> Can someone site any authoritative documentation concerning the
security
>> issues extant in NIS?
>
> There's a lot of documentation out there. Basically YP/NIS transmits
> everything over the network in plain text, including password hashes.
> combined with no authentication/authorisation mechanism, out of the box
> NIS will give your password hashes to anyone who asks for them. Clearly
> once a username/password hash has been discovered, it's only a matter
> of time before a password is found.
>
> NIS+ is very different in that it is much more security aware, but
> consequently much more complex.
>
>> My plan is to set up NIS and NFS on my home network server where I plan
>> to host all the local home network /home directories. I'll use
>> automount on all the other nodes to mount up the home directories when
a
>> user logs on.
>>
> If you have a fully private network, then the security issues are not
> so bad. It still has its place in things like clusters, but even then
> it is being superseded by LDAP. If you are setting up a system from
> scratch, then you really should be looking at using LDAP, it's not that
> difficult and there are plenty of tools around to help you manage it
> all.
>
> P.
Okay, say I decide to go with LDAP and NFS. I'll be needing some hand
holding to get it set up. Are you willing to walk me through this?
I tried to set up 389 a while ago but ran into the nobody/nobody problem
on the client computer that I could not solve. No help arrived then. I
don't want a repeat of that.
--
_
?v?
/(_)\
^ ^
Mark LaPierre
****