Chris Hedemark on Wed, 12 Feb 2003 07:01:06 -0500



Re: [PLUG] nis or ldap


On Wednesday, February 12, 2003, at 01:22 AM, nash oudha wrote:

> Does someone know what went wrong?

NIS is terrible. If you ever get it working, try running this command while logged in as a regular user:


	ypcat -k passwd.byname

Now understand that someone can take their OWN Linux box, plug in your NIS domain name, and use that command to surreptitiously attach it to your LAN for an easy way to get your password crypts for easy cracking later on offline.

Even Sun is dropping NIS/NIS+. Microsoft's Active Directory is based on LDAP. Novell authenticates against LDAP. Sun is moving in the direction of LDAP. LDAP is the way to go. Some go the extra mile and put everything in LDAP *except* the passwords, which are then kept in Kerberos. This is no doubt more secure, but adds administrative overhead.

If your friend is hoping to authenticate Windows users against this Linux server, also check out Samba TNG which will authenticate Windows users against LDAP on Linux.

Chris Hedemark
PGP/GnuPG Public Key at http://yonderway.com/chris/hedemark.gpg

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
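
Added example, not part of the original message: a defender-side audit of what the `ypcat -k passwd.byname` output mentioned above exposes to any NIS client, flagging entries whose password field holds a crypt string instead of a placeholder. The sample map lines, the placeholder list and the function names are constructed assumptions; pipe real `ypcat` output in on stdin to check your own domain.

```python
import re
import sys

# Constructed sample of `ypcat -k passwd.byname` output (key, space, passwd entry).
# The hash strings are made up for this example, not real hashes.
SAMPLE = """\
alice alice:abCONSTRUCTED:1001:100:Alice Example:/home/alice:/bin/sh
bob bob:$1$salt$CONSTRUCTEDnotarealhash:1002:100:Bob Example:/home/bob:/bin/sh
carol carol:x:1003:100:Carol Example:/home/carol:/bin/sh
dave dave:##dave:1004:100:Dave Example:/home/dave:/bin/sh
erin:*:1005:100:Erin Example:/home/erin:/bin/sh
not a passwd entry
"""

# Assumed list of field values that mean "no hash stored in this map".
PLACEHOLDERS = {"x", "*LK*", "NP"}

def classify(field):
    """Return the kind of secret in a passwd field, or None if nothing is exposed."""
    if field == "":
        return "empty-password"            # account with no password at all
    if field in PLACEHOLDERS or field.startswith("##") or not field.lstrip("!*"):
        return None                        # shadowed, locked, or passwd.adjunct reference
    body = field.lstrip("!*")              # lock markers may prefix a real hash
    if re.fullmatch(r"\$[0-9a-z]+\$.+", body):
        return "modular-crypt"             # $1$, $2a$, $5$, $6$ style
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return "des-crypt"                 # traditional 13-character crypt(3)
    return "unknown"

def audit(lines):
    """Return [(user, kind)] for every map entry that exposes something."""
    findings = []
    for line in lines:
        key, sep, rest = line.strip().partition(" ")
        # With -k each line starts with the map key; without it the entry stands alone.
        entry = rest if sep and ":" not in key else line.strip()
        fields = entry.split(":")
        if len(fields) < 7:
            continue                       # not a passwd-format line
        kind = classify(fields[1])
        if kind:
            findings.append((fields[0], kind))
    return findings

if __name__ == "__main__":
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for user, kind in audit(source):
        print(f"{user}: {kind} visible to any NIS client")
```

An empty result means the map carries only placeholders, which is the state to aim for when the hashes live in a shadow map, LDAP or Kerberos instead.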