Re: Alternatives to NIS?
grin wrote:
>
> On Wed, 31 Dec 1997, Jens B. Jorgensen wrote:
>
> > > > > The latest version of NIS uses encryption and authentication. I don't
> > > > > know if software is available for debian (or anyone other than Sun).
> > > > > Sun calls it NIS Plus.
> > > >
> > > > And you are best staying away from it unless you want to spend long hours
> > > > getting it to work correctly ... and it is fragile ;)
> > >
> > > What's for an alternative between debian machines for central password
> > > management?
> > >
> > > (Encryption _is_ essential.)
> >
> > Perhaps RADIUS provides it? Otherwise I know of no solution.
>
> Everyone keeps telling that RADIUS have very basic security, and I'm about
> to believe that. But even it it wasn't so I have no knowledge of Linux
> RADIUS clients.
>
> NIS have no security at all (I checked it), NIS+ and NYS were told to be
> too complex AND fairly insecure. Hm.
>
> I need a centralised authentication service which can at least auth email
> and login services, and have both clients and servers under linux. And
> able to stand against possible snoopers between them.
Hey, you can always roll your own! You could use secure sockets as a
base and go from there. If you could figure a way to get the stock
ONC RPC to work with Secure Sockets Layer this would almost be
trivial. One other thought: You could take a look at Kerberos V.
The problem is there aren't a lot of ready-made apps which work with it.
You may want to approach the problem on an application-by-application
basis. What all services do you want to offer?
--
Jens B. Jorgensen
jjorgens@bdsinc.com
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: