[CentOS] How insecure is NIS ? Possible alternatives ?

Thu Mar 29 07:57:14 UTC 2018
Andreas Haumer <andreas at xss.co.at>

Hash: SHA1


Am 29.03.2018 um 09:38 schrieb Nicolas Kovacs:
> Le 29/03/2018 à 06:44, Keith Keller a écrit :
>> I wonder how much support there is for NIS any more in recent distros. Is it possible CentOS 7 doesn't support NIS, or does but is buggy?
> I'm planning to test this very soon, probably during the next week, and I'll report back.

We are using the OpenLDAP + pam_ldap / sssd solution in
several smaller networks (up to ~40 Linux clients), but
I think it should scale well for larger networks, too.

The OpenLDAP solution can also support Samba as domain controller,
if you have to support windows clients, too.

- From that point on we usually integrate other services like
an IMAP server (we use Cyrus IMAP), groupware server (we use SOGo)
and many other services which suport LDAP authentication.
You can apply LDAP password policies, too.

We use GOSa (or it's successor FusionDirectory, see https://www.fusiondirectory.org/)
as web frontend, so the users can change their passwords, mail settings etc. on
their own (if they are given the rights to do so)

With all that you get a nice, easy to manage, well integrated and
secure network with a central authentication service all with open
source software!

It should run with almost all modern linux distributions, even mixed
together in the same network.


- - andreas

- -- 
Andreas Haumer                     | mailto:andreas at xss.co.at
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71
Version: GnuPG v2.0.22 (GNU/Linux)