Chris Hedemark on Wed, 12 Feb 2003 07:01:06 -0500 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
does some one know what went wrong? NIS is terrible. If you ever get it working, try running this command while logged in as a regular user: ypcat -k passwd.byname Now understand that someone can take their OWN linux box, plug in your NIS domain name, and use that command to surreptitiously attach it to your LAN for an easy way to get your password crypts for easy cracking later on offline. Even Sun is dropping NIS/NIS+. Microsoft's Active Directory is based on LDAP. Novell authenticates against LDAP. Sun is moving in the direction of LDAP. LDAP is the way to go. Some go the extra mile and put everything in LDAP *except* the passwords, which are then kept in Kerberos. This is no doubt more secure, but adds administrative overhead. If your friend is hoping to authenticate Windows users against this Linux server, also check out Samba TNG which will authenticate Windows users against LDAP on Linux. Chris Hedemark PGP/GnuPG Public Key at http://yonderway.com/chris/hedemark.gpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+Sjd5YPuF4Zq9lvYRAviNAJ43vH/ljC+oSNTmXxPUra/eqGWt5gCg4CGo QwpZ4iBeYxIVM22mgG4to4s= =AvXQ -----END PGP SIGNATURE----- _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|