Date: Thu, 2 Apr 1998 16:21:04 -0800 (PST) From: Tom <tom@uniserve.com> To: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> Cc: Charles Quarri <randy@hackerz.org>, stable@FreeBSD.ORG Subject: Re: Hesiod support on 2.2 Message-ID: <Pine.BSF.3.96.980402161553.20064I-100000@shell.uniserve.com> In-Reply-To: <199804022207.OAA06621@passer.osg.gov.bc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2 Apr 1998, Cy Schubert - ITSD Open Systems Group wrote: > > > > On Thu, 2 Apr 1998, Charles Quarri wrote: > > > > > I am looking for a central management system like NIS without > > > the blatant security holes. I have heard that Hesiod can do this. > > > > All blatant security holes in NIS depend on how you configure it. > > You can minimize NIS security holes by limiting which hosts have access > to your NIS ports. Yes. Similar problems with Hesiod though. You don't want to be running NIS or Hesiod between a server and a client connected via an untrusted network. Most security holes in NIS are made by the system administrator setting up the NIS cluster/domain. > Another approach I've used (on NIS+) is to put a * in the password > fields of the passwd map and use Kerberos V. In this case NIS would > serve hosts, services and other maps, and be used for UID to username > mapping while Kerberos would be used for user authentication. Yes. Hesiod is good for this too. Probably better actually as I think Hesiod's use of DNS will be faster. Plus DNS has nicer caching and replication features than NIS. NIS replication isn't so bad, if using some propietary type of ypxfr, but is otherwise pretty bad. > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > UNIX Support OV/VM: BCSC02(CSCHUBER) > ITSD BITNET: CSCHUBER@BCSC02.BITNET > Government of BC Internet: cschuber@uumail.gov.bc.ca > Cy.Schubert@gems8.gov.bc.ca Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980402161553.20064I-100000>