On Wed, 15 Mar 2000, Derek Martin wrote:
> Today, Rich Payne gleaned this insight:
>
> > You should be OK provided, all use the same way of encrypting the password
> > (like coping from RH 6.1 to RH61 should be fine), and that they both
> > use/don't use shadow password.
> >
> > You could also use NIS for this, which
> > would mean you'd only have to change your password once, however if this
> > isn't an internal protected machine then NIS isn't a good choice.
>
> The bible (_Unix_System_Administrator's_Handbook_, Nemeth et. al.)
> recommends against NIS, and frankly I do to. It's really convenient when
> it works, but it's a GIGANTIC PIA when something breaks. It's also
> riddled with security holes.
Yes, I know that, that's why I added the second part "however if this
isn't an internal protected machine then NIS isn't a good choice."
> rdist/rsync allows you to distribute system files by copying, is
> relatively easy to maintain, and you don't have to worry about your entire
> environment breaking if something happens to your NIS server(s). NIS has
> given me more than a couple of headaches. I'm hoping to get away from
> using it at my shop ASAP!
Agreed, NIS has its problems, but it also solves a lot of problems...I
would never use NIS (or any of the r... programs) on an unprotected
network. However, I've have clusters of machines that users need to login
to, and you can not get to these machines from the Internet.....so
therefor the security side doesn't bother me as much.
--rdp
>
> --
> PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> ------------------------------------------------------
> Derek D. Martin | Unix/Linux Geek
> [EMAIL PROTECTED] | [EMAIL PROTECTED]
> ------------------------------------------------------
>
Rich Payne
[EMAIL PROTECTED] www.alphalinux.org
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
