[CentOS] How insecure is NIS ? Possible alternatives ?
Leon Fauster
leonfauster at googlemail.com
Mon Mar 26 11:41:28 UTC 2018
> Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs <info at microlinux.fr>:
>
> Le 26/03/2018 à 10:28, isdtor a écrit :
>> In my opionion, there is a serious gap in this area. It's either NIS,
>> simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management
>> server at a complexity at least one order of magnitude beyond NIS.
>
> I gave FreeIPA a spin a while back. I installed it on a sandbox server,
> and from what I recall, it pulled in a tsunami of dependencies, and
> first thing it wanted to replace my Dnsmasq with BIND... so I didn't
> look much further.
Quite time ago we had a stripped setup here working only with Openldap and
PAM modules. LDAP with replication for redundancy, centralized communication
with local CA and over TLS. It worked very well. The successor of such setup
is SSSD for EL7 but the above should be still a feasible solution.
--
LF
More information about the CentOS
mailing list