On Tue, 3 Oct 2006, Mohan Ramanujan wrote:
> During a recent network filer upgrade we ran into issue where our NIS > service would not work. We eventually fixed it, but that lead to a > discussion on whether we should use something better than NIS. > > We would like to get your opinion on merits and demerits of NIS from any > experience and knowledge you may have. Thank you. Firstly, I hope you are using NIS+ instead of NIS. Otherwise, there are some serious security concerns. I recommend Kerberos as a replacement. It is supported by many OSs, is quite secure, and there are many tools to manage it. There's probably even tools for migration from NIS/NIS+. Anecdote: Back in 2001 I was doing wifi security research for a company in Kendall Square. Part of this work involved logging and dissassembling WiFi packets in the air. I unintentially captured wifi packets from the neighboring company, including NIS packets which had the password hash for root. Noting that it was using an outdated and insecure hash method, I put a password cracker to work on it and cracked it within two hours! Needless to say, I warned their IT department about NIS and Wifi. _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
