[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD 2.8 as NIS+ Client or even Server ???



On Fri, Mar 30, 2001 at 01:06:51AM +0200, Patrick von der Hagen wrote:
> 
> My questions: is there a way to use shadow-passwords with NIS?
> Is NIS+ relyable and more secure than NIS? It should be, but is it?

More reliable?  Difficult to say.  More secure?  Yes, but if need to run
your NIS+ server in NIS compatability mode to accomodate NIS-only clients
(like OpenBSD) you lose the security advantages.  In compatability mode
it's no more secure than NIS.  Which means not very secure.  NIS+ also
has some advantages in managing a large, hierarhical network.  But NIS+
itself is much more difficult to administer than NIS.

> Or should we better look for an other authentification-system, for example
> LDAP?
> 
> As OpenBSD tries to be a very secure operating system, what kind of
> network-authentification mechanism is proposed by OpenBSD-people?
> 
> Most systems run solaris, but of course all our servers and clients (*BSD,
> Linux, Solaris, WinNT4, WIN2k) should work.

I'd recommend using NIS for name service information, and using Kerberos 
for authentication.  All of your clients (except maybe WinNT4) should be 
able to authenticate against Kerberos.  If all of your *BSD clients could 
use LDAP for a name service, I'd say use LDAP rather than NIS.  But I
think that only FreeBSD can use LDAP that way.

David S.

> 
> -- 
> CU,
>    Patrick.
> "Never run on auto-pilot" - The Pragmatic Programmer