On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote: > Hi, > > In the past I've setup simple centralized authentication with NIS and > NFS, without bothering about possible security implications. > > Over the next month I have to setup a new network in a local school, and > I wonder if I should use NIS/NFS. I still have my own documentation, > it's simple and somewhat bone-headed to setup, and it just works. > > RHEL/CentOS 7 still provide NIS, and I vaguely wonder how exactly it is > insecure. So I thought I'd simply ask on this list. > > I know there's FreeIPA available. I gave it a spin some time ago on a > local machine, but I think it's a bit overkill. > > Hi, as you why it is insecure the biggest reason is that it is trivial for a user to get sensitive information about other users. Particularly things like password hashes, and with the compute power available today cracking a hash is not impractical. It also discourages some of the more standard practices today like user private groups. It would still take a fair amount of work but if you want something a little less than FreeIPA or integrating with AD look into http://directory.fedoraproject.org/ > Anyone here who uses central authentication (CentOS server + CentOS > clients) ? Any suggestions ? > > Cheers, > > Niki > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : info@xxxxxxxxxxxxx > Tél. : 04 66 63 10 32 > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos