[951] in linux-security and linux-alert archive
Re: [linux-security] Alternative to NIS
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Wed Jul 24 12:55:41 1996
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: boyd@interdim.com (Eric M. Boyd)
Date: Wed, 24 Jul 1996 17:43:43 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.GSO.3.94.960722170759.2806B-100000@insanity.interdim.com> from "Eric M. Boyd" at Jul 22, 96 05:09:29 pm
Eric M. Boyd:
> Everywhere I look security wise, people say to stay away from NIS because
> it's very insecure, and that NIS+ isn't much better. Does anyone have any
> suggestions as to a replacement to use? I want to make sure my site is
> secure, but it's really a hassle to individually add a user to each
> machine, or ask a user to change their password on each machine they use.
Here is one suggestion: use rdist to update the /etc/passwd and
/etc/shadow files on each machine from the "server" machine (where
users change their passwords). rdist should be run after any changes
have been made, and/or periodically from a cron job. By default,
rdist uses rsh to transfer files - not very secure, but it can be
modified to use ssh (ftp://ftp.cs.hut.fi/pub/ssh/) instead.
Marek