On Thu, 6 Oct 2011, Steve Rikli wrote:
> In article <alpine.LRH.2.00.1110060937180.9689@xxxxxxxxxxxxxxxxxxxx>, John Hodrien <centos@xxxxxxxxxx> wrote:
>> On Wed, 5 Oct 2011, Steve Rikli wrote:
>>
>>> ...
>>> I'll also readily agree I wouldn't want NIS on internet-facing systems,
>>> but for things like automount maps on the internal corporate LAN, is
>>> it really a catastropic problem?
>>
>> The problem you get is when you compare it with LDAP.
>
> Compare in what way? What characteristics are you contrasting? I'm
> genuinely trying to understand the problem you're talking about for
> the case I've presented, and pro-con from someone who has done both
> would be appreciated.
I'm not saying NIS is catastrophically bad for an internal system that you
consider to be 'safe', it just comes from a time when security wasn't high up
the list of worries. Other than it being easy as cake to setup in the first
place, I think it's hard to list *any* honest advantages over LDAP. Sorry, I
don't consider performance to be a credible advantage, especially after
nscd/sssd have had their way with caching results.
A good LDAP setup with nested groups, and GSSAPI just beats NIS over the head
with a stick in terms of security, and once you've got a good LDAP
infrastructure you start to discover just how many tools offer some form of
LDAP integration. Extending the schema to suit internal uses is also easy,
and querying it from within your own apps/scripts is far from difficult.
jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
