On 12/6/20 11:21 AM, Pete Biggs wrote:
I found this:
https://www.server-world.info/en/note?os=CentOS_8&p=nis&f=1
I've been told in the past that NIS should not be used because of some
supposed security issues.
Can someone site any authoritative documentation concerning the security
issues extant in NIS?
There's a lot of documentation out there. Basically YP/NIS transmits
everything over the network in plain text, including password hashes.
combined with no authentication/authorisation mechanism, out of the box
NIS will give your password hashes to anyone who asks for them. Clearly
once a username/password hash has been discovered, it's only a matter
of time before a password is found.
NIS+ is very different in that it is much more security aware, but
consequently much more complex.
My plan is to set up NIS and NFS on my home network server where I plan
to host all the local home network /home directories. I'll use
automount on all the other nodes to mount up the home directories when a
user logs on.
If you have a fully private network, then the security issues are not
so bad. It still has its place in things like clusters, but even then
it is being superseded by LDAP. If you are setting up a system from
scratch, then you really should be looking at using LDAP, it's not that
difficult and there are plenty of tools around to help you manage it
all.
P.
Okay, say I decide to go with LDAP and NFS. I'll be needing some hand
holding to get it set up. Are you willing to walk me through this?
I tried to set up 389 a while ago but ran into the nobody/nobody problem
on the client computer that I could not solve. No help arrived then. I
don't want a repeat of that.
--
_
°v°
/(_)\
^ ^
Mark LaPierre
****
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
