Re: Trying to replace NIS+
From: Rich Teer (rich.teer_at_rite-group.com)
Date: 08/27/03
- Next message: Peter T. Breuer: "Re: tar -cvfX save.tar foo ./dirtosave/.."
- Previous message: Dave Uhring: "Re: thanks for help succesfull gcc 3.3 build)"
- In reply to: B.A.Baumgart: "Trying to replace NIS+"
- Next in thread: B.A.Baumgart: "Re: Trying to replace NIS+"
- Reply: B.A.Baumgart: "Re: Trying to replace NIS+"
Date: Wed, 27 Aug 2003 19:22:51 GMT
On 27 Aug 2003, B.A.Baumgart wrote:

> I am trying to replace our present NIS+ implementation. My current setup
> is about 100 machines, with about 20 users that need to be able to login
> to any of the machines. The users' home directory is NFS mounted. Yep,
> perfect use of NIS or NIS+. NIS+ was chosen because of security issues.
>
> We use Windows for our administrative tasks. All of these 20 users have

You're using Windoze, yet are concerned with security issues?!
Windoze is your biggest security issue.

> Found several products that did password synchronization. Seemed labor-
> intensive, and prone to errors. Also would be a NIS+ to LDAP conversion,
> then an LDAP to LDAP/AD synchronization conversion. There is one of me.

My understanding is the SunONE Directory (i.e., LDAP) Server that
comes with Solaris 9 will authenticate Captive Directory users.

> Looked at Microsoft's AD plugin. It would work, except it works by
> looking like a NIS server, complete with NIS security issues.

Again, you're using M$ software, so NIS security is not your biggest
concern.

> My current thought (and question) is this. All of these twenty users have
> an RSA Security SecurID card. I have played with RSA's PAM module. Is
> it possible to do local password authentication, but retrieve uid/gid
> information from NIS maps? This would eliminate the open clear-text
> password transmission and open password files of NIS, but would
> centralize the uid/gid information.
>
> Am I onto something here, or is it back to the drawing board?

I'm not sure, but I know the LDAP server with Solaris supports
strong encryption over the wire. That would be where I'd be
inclined to look.

--
Rich Teer, SCNA, SCSA
President, Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-online.net