Re: NIS/something equivalent + security
On Thu, Dec 17, 1998 at 11:50:20PM +0000, Pere Camps wrote:
> 1) Is it difficult to install / maintain?
Nope, pick a main server and use it for the base. I would suggest (after
you get used to how everything works) moving the files (passwd, group,
hosts) for NIS into their own directory, like /var/yp/etc if your like me.
:)
> 2) Will my ftp daemon work?
Make sure you add 'nis' as an option in /etc/nsswitch.conf for passwd: and
group: and it will work with anything that uses the local libs (libc) for
getting local informations. Any program worth it's code should do this, I
don't know of any that don't.
> 3) Most important: security. Is it safe? Will I be able to keep my
As long as you setup your client systems so that they don't use broadcast
for NIS server discovery then you are safe there. Also make sure that the
NIS server only answers requests to the local network by using
/etc/hosts.{allow,deny} on the server (I think NIS is compiled with
libwrap atleast, if not there is a NIS file to set this up also).
You will be able to keep shadow passwords and the clients will enforce
this very well (ie. regular users wont be able to get the encrypted
password).
IIRC, the default setup is fairly secure from the debian packages outside
of having to enter the blocks into libwrap files (hosts.deny,allow).
good luck,
Ben
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <b.m.collins@larc.nasa.gov> Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc. bcollins@debian.org
------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
Reply to: