On Wed, 27 Nov 2002, Federico Sevilla III wrote:
> Instead of NIS you may prefer to use LDAP-based authentication. There
> are NSS and PAM LDAP libraries/modules available that will allow you to
> store user information centrally in an LDAP server. This is more secure
> than the NIS approach, and should be more scaleable as well. With NSS
> properly setup NFS-mounted /home's should work as expected, as well.
>
LDAP like any other modules in your unix box is not inherently
secure. It is not safe to say LDAP is more secure than NIS. In fact LDAP
allows you to create a setup where passwords are transmitted in plain text
across your network. LDAP is secure in the broad sense bec:
1) It does not rely on the notorious rpc.
2) It allows you more sophisticated encryption of passwd other than plain
unix crypt.
3) It supports client authentication like Kerberos V.
4) It supports SSL protected connections.
and many more. But it still up to you to configure these addons to make
LDAP more secure than NIS.
rowel
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
