[CentOS] How insecure is NIS ? Possible alternatives ?

Mon Mar 26 11:41:28 UTC 2018
Leon Fauster <leonfauster at googlemail.com>

> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs <info at microlinux.fr>:
> Le 26/03/2018 à 10:28, isdtor a écrit :
>> In my opionion, there is a serious gap in this area. It's either NIS,
>> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management
>> server at a complexity at least one order of magnitude beyond NIS.
> I gave FreeIPA a spin a while back. I installed it on a sandbox server,
> and from what I recall, it pulled in a tsunami of dependencies, and
> first thing it wanted to replace my Dnsmasq with BIND... so I didn't
> look much further.

Quite time ago we had a stripped setup here working only with Openldap and 
PAM modules. LDAP with replication for redundancy, centralized communication 
with local CA and over TLS. It worked very well. The successor of such setup 
is SSSD for EL7 but the above should be still a feasible solution.