Re: How insecure is NIS ? Possible alternatives ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:

> Hi,
>
> In the past I've setup simple centralized authentication with NIS and
> NFS, without bothering about possible security implications.
>
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own documentation,
> it's simple and somewhat bone-headed to setup, and it just works.
>
> RHEL/CentOS 7 still provide NIS, and I vaguely wonder how exactly it is
> insecure. So I thought I'd simply ask on this list.
>
> I know there's FreeIPA available. I gave it a spin some time ago on a
> local machine, but I think it's a bit overkill.
>
>
Hi, as you why it is insecure the biggest reason is that it is trivial for
a user to get sensitive information about other users.  Particularly things
like password hashes, and with the compute power available today cracking a
hash is not impractical.
It also discourages some of the more standard practices today like user
private groups.

It would still take a fair amount of work but if you want something a
little less than FreeIPA or integrating with AD look into
http://directory.fedoraproject.org/





> Anyone here who uses central authentication (CentOS server + CentOS
> clients) ? Any suggestions ?
>
> Cheers,
>
> Niki
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : info@xxxxxxxxxxxxx
> Tél. : 04 66 63 10 32
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux