[sf-lug] meeting monday night at Javacat, 6 to 8
asheesh at asheesh.org
Sun Jul 16 16:47:38 PDT 2006
On Sun, 16 Jul 2006, jim stockford wrote:
> per rhct topic: putting NFS and NIS services on the
> Javacat machine.
Hah, NIS is hilarious. If NFS is the "Network Failure System", NIS must
be the "Network Insecurity Service".
I helped acm.jhu.edu move from NIS to OpenLDAP + TLS a year or so back.
It was well-worth it; now we can authenticate web apps against our main
authentication database, plus we have TLS to encrypt and authenticate our
login server. Works with our OS X client, too.
Plus random lusers can't "getent passwd" and start cracking everyone
else's passwords. RedHat, at least, has a default NIS configuration that
doesn't use shadow passwords. Even if you enable shadow passwords,
apparently the best security NIS can put on "getent shadow" is port
numbers < 1024 can't get to it.
Perilous to all of us are the devices of an art deeper than we ourselves
-- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]
More information about the sf-lug