[941] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Alternative to NIS

daemon@ATHENA.MIT.EDU (Eric M. Boyd)
Tue Jul 23 04:38:57 1996

Date: Mon, 22 Jul 1996 17:09:29 -0400 (EDT)
From: "Eric M. Boyd" <boyd@interdim.com>
To: linux-security@tarsier.cv.nrao.edu

Everywhere I look security wise, people say to stay away from NIS because
it's very insecure, and that NIS+ isn't much better.  Does anyone have any
suggestions as to a replacement to use?  I want to make sure my site is
secure, but it's really a hassle to individually add a user to each
machine, or ask a user to change their password on each machine they use.  

Any suggestions?

[REW: NIS uses the "domainname" as a kind of password. Anybody from 
the whole internet who knows this can access your password file. Take
care not to choose something like "my.dns.domain.name". What complicates
the issue is that it is broadcast over your ethernet segment during
normal operation.]

Eric Boyd

--------------------------------+----------------------------------------------
Eric Boyd (TSMA)		|	"It's easier to ask for 
InterDimensions Corp.		|	 forgiveness than for permission."
25 Ellery St.			|
Cambridge Ma, 02138		|	"640K ought to be enough for anybody."
617-661-4200			|		-- Bill Gates, 1981
				|
boyd@interdim.com		|



home help back first fref pref prev next nref lref last post