[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NIS/something equivalent + security


> Make sure you add 'nis' as an option in /etc/nsswitch.conf for passwd: and
> group: and it will work with anything that uses the local libs (libc) for
> getting local informations. Any program worth it's code should do this, I
> don't know of any that don't.

	I hope that includes pine. Most of my users use pine for mail and
they quite like it.

> As long as you setup your client systems so that they don't use broadcast
> for NIS server discovery then you are safe there. Also make sure that the
> NIS server only answers requests to the local network by using
> /etc/hosts.{allow,deny} on the server (I think NIS is compiled with
> libwrap atleast, if not there is a NIS file to set this up also).

	Ok. I didn't know you could make NIS only to listen requests from
specific machines. I guess passwords are sent clear-text, but then, we're
supposed to have an intelligent concentrator/hub so the machines only
receive packets for their own IPs.

	Whatever, I've decided to install NIS in the future. That is,
after christmas. ;)

	Thanks a lot for your help.

-- p.

Reply to: