On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs info@microlinux.fr wrote:
Hi,
In the past I've setup simple centralized authentication with NIS and NFS, without bothering about possible security implications.
Over the next month I have to setup a new network in a local school, and I wonder if I should use NIS/NFS. I still have my own documentation, it's simple and somewhat bone-headed to setup, and it just works.
RHEL/CentOS 7 still provide NIS, and I vaguely wonder how exactly it is insecure. So I thought I'd simply ask on this list.
I know there's FreeIPA available. I gave it a spin some time ago on a local machine, but I think it's a bit overkill.
Hi, as you why it is insecure the biggest reason is that it is trivial for a user to get sensitive information about other users. Particularly things like password hashes, and with the compute power available today cracking a hash is not impractical. It also discourages some of the more standard practices today like user private groups.
It would still take a fair amount of work but if you want something a little less than FreeIPA or integrating with AD look into http://directory.fedoraproject.org/
Anyone here who uses central authentication (CentOS server + CentOS clients) ? Any suggestions ?
Cheers,
Niki
Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32 _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos