Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Le 29/03/2018 à 06:44, Keith Keller a écrit : > I wonder how much support there is for NIS any more in recent > distros. Is it possible CentOS 7 doesn't support NIS, or does but is > buggy? I fiddled around with it for a few days, and I can say that NIS is still perfectly supported under CentOS

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Am 29.03.2018 um 09:38 schrieb Nicolas Kovacs: > Le 29/03/2018 à 06:44, Keith Keller a écrit : >> I wonder how much support there is for NIS any more in recent distros. Is it >> possible CentOS 7 doesn't support NIS, or does but is buggy? > >

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Am 2018-03-29 09:38, schrieb Nicolas Kovacs: Le 29/03/2018 à 06:44, Keith Keller a écrit : I wonder how much support there is for NIS any more in recent distros. Is it possible CentOS 7 doesn't support NIS, or does but is buggy? I'm planning to test this very soon, probably during the next

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Le 29/03/2018 à 06:44, Keith Keller a écrit : > I wonder how much support there is for NIS any more in recent > distros. Is it possible CentOS 7 doesn't support NIS, or does but is > buggy? I'm planning to test this very soon, probably during the next week, and I'll report back. Cheers from

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

On 2018-03-26, Leon Fauster wrote: > > Quite time ago we had a stripped setup here working only with Openldap and > PAM modules. LDAP with replication for redundancy, centralized communication > with local CA and over TLS. It worked very well. The successor of such

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

On 26/03/2018 16:18, Leon Fauster wrote: > Time synchronization for all nodes is crucial for kerberos ... In my case, somehow Bind lost the required kerberos tokens to be able to talk to the LDAP server on the same host, so DNS didn't work, so it couldn't attempt to refresh the token. Never

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

> Am 26.03.2018 um 16:31 schrieb Tom Grace : > > On 26/03/2018 15:14, Gordon Messmer wrote: >> FreeIPA takes all of one command to install, and one to set up. It >> provides a web UI for both administrative and end-user management of >> users, passwords, login

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

On 26/03/2018 15:14, Gordon Messmer wrote: > FreeIPA takes all of one command to install, and one to set up. It > provides a web UI for both administrative and end-user management of > users, passwords, login and sudo policy, etc. Anything you find overly > complex can simply be unused. FreeIPA

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

On 03/26/2018 02:59 AM, Nicolas Kovacs wrote: I gave FreeIPA a spin a while back. I installed it on a sandbox server, and from what I recall, it pulled in a tsunami of dependencies, and first thing it wanted to replace my Dnsmasq with BIND... so I didn't look much further. FreeIPA should be

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

experience with Shibboleth or OmniAuth? -Original Message- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Leon Fauster Sent: Monday, March 26, 2018 6:41 AM To: CentOS mailing list <centos@centos.org> Subject: [EXTERNAL] Re: [CentOS] How insecure is NIS ? Possible altern

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs : > > Le 26/03/2018 à 10:28, isdtor a écrit : >> In my opionion, there is a serious gap in this area. It's either NIS, >> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management >> server at a complexity at least

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Le 26/03/2018 à 10:28, isdtor a écrit : > In my opionion, there is a serious gap in this area. It's either NIS, > simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management > server at a complexity at least one order of magnitude beyond NIS. I gave FreeIPA a spin a while back. I

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Le 26/03/2018 à 10:28, isdtor a écrit : > There's also the option of using AD if such infrastructure exists. There are no Windows clients in the network, only CentOS 7. -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

> You don't even need to crack them yourself. > If you have the hashes, you can just use rainbow-tables available online, > sometimes for a small fee. There are salted hashes for that ... ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Am 2018-03-26 10:46, schrieb Clint Dilks: Hi, as you why it is insecure the biggest reason is that it is trivial for a user to get sensitive information about other users. Particularly things like password hashes, and with the compute power available today cracking a hash is not

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

Am 2018-03-26 10:28, schrieb isdtor: Over the next month I have to setup a new network in a local school, and I wonder if I should use NIS/NFS. I still have my own documentation, it's simple and somewhat bone-headed to setup, and it just works. In my opionion, there is a serious gap in this

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs wrote: > Hi, > > In the past I've setup simple centralized authentication with NIS and > NFS, without bothering about possible security implications. > > Over the next month I have to setup a new network in a local school, and >

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

> Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own documentation, > it's simple and somewhat bone-headed to setup, and it just works. In my opionion, there is a serious gap in this area. It's either NIS, simple,