[sf-lug] meeting monday night at Javacat, 6 to 8

Asheesh Laroia asheesh at asheesh.org
Sun Jul 16 16:47:38 PDT 2006

On Sun, 16 Jul 2006, jim stockford wrote:

>    per rhct topic: putting NFS and NIS services on the
> Javacat machine.

Hah, NIS is hilarious.  If NFS is the "Network Failure System", NIS must 
be the "Network Insecurity Service".

I helped acm.jhu.edu move from NIS to OpenLDAP + TLS a year or so back. 
It was well-worth it; now we can authenticate web apps against our main 
authentication database, plus we have TLS to encrypt and authenticate our 
login server.  Works with our OS X client, too.

Plus random lusers can't "getent passwd" and start cracking everyone 
else's passwords.  RedHat, at least, has a default NIS configuration that 
doesn't use shadow passwords.  Even if you enable shadow passwords, 
apparently the best security NIS can put on "getent shadow" is port 
numbers < 1024 can't get to it.

-- Asheesh.

Perilous to all of us are the devices of an art deeper than we ourselves
 		-- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]

More information about the sf-lug mailing list