[sf-lug] meeting monday night at Javacat, 6 to 8
jim stockford
jim at well.com
Sun Jul 16 17:33:59 PDT 2006
does that mean you'll help put LDAP on the
Javacat machine?
The reason for NFS and NIS is that they both
figure in RedHat certification.
It seems to me that NIS is becoming outmoded
(remember the state of the industry is not state
of art), but not yet with respect to RHCT/E tests.
But NFS is getting a lot of improvements. It
seems to me that it'll be around for years, more
and more robust. Interesting that Samba can
work in an all-*nix environment: it's not _just_ a
means to integrate The Other OS with *nixes.
On Jul 16, 2006, at 4:47 PM, Asheesh Laroia wrote:
> On Sun, 16 Jul 2006, jim stockford wrote:
>
>> per rhct topic: putting NFS and NIS services on the
>> Javacat machine.
>
> Hah, NIS is hilarious. If NFS is the "Network Failure System", NIS
> must be the "Network Insecurity Service".
>
> I helped acm.jhu.edu move from NIS to OpenLDAP + TLS a year or so
> back. It was well-worth it; now we can authenticate web apps against
> our main authentication database, plus we have TLS to encrypt and
> authenticate our login server. Works with our OS X client, too.
>
> Plus random lusers can't "getent passwd" and start cracking everyone
> else's passwords. RedHat, at least, has a default NIS configuration
> that doesn't use shadow passwords. Even if you enable shadow
> passwords, apparently the best security NIS can put on "getent shadow"
> is port numbers < 1024 can't get to it.
>
> -- Asheesh.
>
> --
> Perilous to all of us are the devices of an art deeper than we
> ourselves
> possess.
> -- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]
>
More information about the sf-lug
mailing list