[CentOS] How insecure is NIS ? Possible alternatives ?

Thu Mar 29 04:44:31 UTC 2018
Keith Keller <kkeller at wombat.san-francisco.ca.us>

On 2018-03-26, Leon Fauster <leonfauster at googlemail.com> wrote:
> Quite time ago we had a stripped setup here working only with Openldap and 
> PAM modules. LDAP with replication for redundancy, centralized communication 
> with local CA and over TLS. It worked very well. The successor of such setup 
> is SSSD for EL7 but the above should be still a feasible solution.

Likely an even longer time ago, I did an even more stripped down version
of this, where I just set up an OpenLDAP server, used their tools to
import from our existing NIS to it, and ran it unencrypted (all the
hosts were either on the same switch or over VPN so having no encryption
on the network channel was less of a concern).  It was fairly
straightforward, and I imagine that nowadays, setting up TLS for slapd
and clients is probably fairly straightforward too.

I wonder how much support there is for NIS any more in recent distros.
Is it possible CentOS 7 doesn't support NIS, or does but is buggy?


kkeller at wombat.san-francisco.ca.us