Incoming from Shawn:
> On Tuesday 12 October 2004 22:32, s. keeling wrote:
> > I'm not so sure about the security concerns.  For one thing, it
> 
> The big one I saw (and perhaps it's not a problem anymore?) is that if some 
> remote user can guess the NIS domain name, they can request information from 
> your NIS server - like /etc/passwd.

I assume if you're using any of this, it's all going to be well
firewalled away from the rest of the net.  Tell your firewall not to
answer portmap requests except from specific IPs, and make sure you're
not subject to IP spoofing.  None of this stuff should be at all
accessible from outside, and with a decent firewall setup, that
shouldn't be difficult to achieve.

NIS+ is supposed to address the security stuff, but I've only seen one
outfit that had the ambition to try to use it.  It's much more
difficult.  I think the problems with NIS can be solved by other
tools, basic security.  It may not scale to multiple sites, but it's
robust within those limitations.

> WRT being stuck if the primary server goes down, I think I'd be in that boat 
> regardless which authentication method I use - NIS or LDAP (other than stand 

Yup, which is why it's a toss up.  NIS/NFS can do this.  Samba can do
this.  LDAP may be gravy on top of both (and nice to have?).

If you go NFS, you'll need NFS software on your Windows boxes to grok
it.  If you go Samba, it speaks native (bug compatible) Windows.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
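
The firewall policy described in the message above (answer portmap only for specific IPs, and refuse spoofed sources), as an added example that is not part of the original post. The interface name, LAN range and client addresses are constructed placeholders; the script prints iptables commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints iptables rules, does not apply them.
# EXT_IF, LAN_NET and the client addresses are constructed placeholders.
EXT_IF="${EXT_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the rule set for the given list of allowed NIS client addresses.
portmap_rules() {
    for ip in "$@"; do      # validate everything before printing anything
        if ! valid_ipv4 "$ip"; then
            echo "malformed address: $ip" >&2
            return 1
        fi
    done
    # Anti-spoofing: LAN source addresses must never arrive from outside.
    echo "iptables -A INPUT -i $EXT_IF -s $LAN_NET -j DROP"
    for ip in "$@"; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -p $proto -s $ip --dport 111 -j ACCEPT"
        done
    done
    # Everyone else gets no answer from the portmapper.
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto --dport 111 -j DROP"
    done
}

portmap_rules 192.168.1.10 192.168.1.11
```

Restricting port 111 only hides the RPC port map; ypserv listens on its own port, so the same source restriction (or a default-drop INPUT policy) has to cover that port as well.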