[4393] in linux-net channel archive
Re: Authentication Server
daemon@ATHENA.MIT.EDU (Christoph Lameter)
Sun Sep 15 11:30:10 1996
Date: Sun, 15 Sep 1996 07:18:28 -0700 (PDT)
From: Christoph Lameter <clameter@waterf.org>
To: Dominik Kubla <kubla@netz.klinik.uni-mainz.de>
cc: linux-net@vger.rutgers.edu
In-Reply-To: <199609151100.NAA12361@kastanie.netz.klinik.uni-mainz.de>
On Sun, 15 Sep 1996, Dominik Kubla wrote:
kubla>> The easy way is to use NIS because most if not all Unixes support it. Anything
kubla>> else will cause a lot of trouble with some system or another.
kubla>
kubla>And anything else will make it harder to crack the passwords of your users!
kubla>Making the passwd database accessible to anyone (and it is, unless you are
kubla>blocking ONC-RPC access in your InterNet router) means you are begging for
kubla>trouble.
Of course security measures need to be taken and the Linux NIS Server has
a lot of options that other system do not have for protection. Naturally
you would want linux to be the NIS Server. Passwords are generally
NOT available to users on any system in the scheme that I am using.
kubla>
kubla>> NIS is simple and universal.
kubla>
kubla>And it is definitely not supported by routers, terminal servers and the like.
kubla>
kubla>If you really want to play it save, use RADIUS for your network access servers
kubla>and Kerberos for your hosts.
Use radius on the next Unix hosts and have radius consult NIS.
Kerberos is really ancient and so far I have no one seen using it.
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
{} Snail Mail: FTS Box 466, 135 N.Oakland Ave, Pasadena, CA 91182 {}
{} FISH Internet System Administrator at Fuller Theological Seminary {}
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
