[CentOS] How insecure is NIS ? Possible alternatives ?

Mon Mar 26 08:46:58 UTC 2018
Clint Dilks <clint.dilks at waikato.ac.nz>

On Mon, Mar 26, 2018 at 9:07 PM, Nicolas Kovacs <info at microlinux.fr> wrote:

> Hi,
>
> In the past I've setup simple centralized authentication with NIS and
> NFS, without bothering about possible security implications.
>
> Over the next month I have to setup a new network in a local school, and
> I wonder if I should use NIS/NFS. I still have my own documentation,
> it's simple and somewhat bone-headed to setup, and it just works.
>
> RHEL/CentOS 7 still provide NIS, and I vaguely wonder how exactly it is
> insecure. So I thought I'd simply ask on this list.
>
> I know there's FreeIPA available. I gave it a spin some time ago on a
> local machine, but I think it's a bit overkill.
>
>
Hi, as you why it is insecure the biggest reason is that it is trivial for
a user to get sensitive information about other users.  Particularly things
like password hashes, and with the compute power available today cracking a
hash is not impractical.
It also discourages some of the more standard practices today like user
private groups.

It would still take a fair amount of work but if you want something a
little less than FreeIPA or integrating with AD look into
http://directory.fedoraproject.org/





> Anyone here who uses central authentication (CentOS server + CentOS
> clients) ? Any suggestions ?
>
> Cheers,
>
> Niki
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>