[CentOS] centralised user authentication

Fri Mar 26 11:37:43 UTC 2010
Geoff Galitz <geoff at galitz.org>


> > >
> > > it used to be called "yp" or "yellow pages".
> > > it works with samba too.
> > >
> > I'm new to centralized user authentication, and I want to learn how to
> > do it. I've heard that NIS is a deprecated technology, and that one
> > should favour LDAP over it. I'd be curious if someone could explain the
> > facts behind this (or even if it's true or not).
> ----
> true
> 
> LDAP is also much more robust and versatile. You can keep extending it
> for many things like mail routing/delivery/aliases, integration with
> Samba/Netatalk/ for Windows/Macintosh users, automounts, shared address
> books and more than just authentication.


NIS is also extensible in this fashion... to an extent.  It can handle
automounts and routing but not shared address books, as an example.  Just
FYI.

To address the question of NIS vs LDAP or other similar systems more
directly, the NIS codebase is one of those applications that predates modern
usage of the Internet and lacks secure coding principles that are necessary
in today's world.  In other words:  it is not secure.  That is one major
reason.  There is not much effort going into NIS these days, so bug fixes
and extensibility fixes are not likely to come in a timely fashion.  It is
poorly supported outside of the SunOS/Solaris/AIX world, in particular.

I prefer NIS to LDAP, but that is most likely because I "grew up" with NIS.
I find it easier to manage and edit, but it just doesn't fit the bill in
today's world.  I do not recommend it to any of my customers.

-geoff

---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/