Re: NIS/something equivalent + security

To: Ben Collins <bmc@visi.net>
Cc: Debian User Lists <debian-user@lists.debian.org>
Subject: Re: NIS/something equivalent + security
From: Pere Camps <pere@casal.upc.es>
Date: Sun, 20 Dec 1998 13:02:20 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.3.96.981220125758.19791A-100000@casal.upc.es>
In-reply-to: <[🔎] 19981217192149.B27947@visi.net>

Ben,

> Make sure you add 'nis' as an option in /etc/nsswitch.conf for passwd: and
> group: and it will work with anything that uses the local libs (libc) for
> getting local informations. Any program worth it's code should do this, I
> don't know of any that don't.

	I hope that includes pine. Most of my users use pine for mail and
they quite like it.

> As long as you setup your client systems so that they don't use broadcast
> for NIS server discovery then you are safe there. Also make sure that the
> NIS server only answers requests to the local network by using
> /etc/hosts.{allow,deny} on the server (I think NIS is compiled with
> libwrap atleast, if not there is a NIS file to set this up also).

	Ok. I didn't know you could make NIS only to listen requests from
specific machines. I guess passwords are sent clear-text, but then, we're
supposed to have an intelligent concentrator/hub so the machines only
receive packets for their own IPs.

	Whatever, I've decided to install NIS in the future. That is,
after christmas. ;)

	Thanks a lot for your help.

-- p.

Reply to:

Follow-Ups:
- Re: NIS/something equivalent + security
  - From: Ben Collins <bmc@visi.net>

References:
- Re: NIS/something equivalent + security
  - From: Ben Collins <bmc@visi.net>

Prev by Date: exim mail to certain sites fails
Next by Date: Re: email
Previous by thread: Re: NIS/something equivalent + security
Next by thread: Re: NIS/something equivalent + security
Index(es):
- Date
- Thread