Hello guys,

Yes, NIS is simple and "easy" to set up, but it also has the following problems:

1) It is insecure: it doesn't support encryption and depends on portmapper, which has been known to have security problems in the past with buffer overflows (you can improve the situation with a firewall and a good /etc/hosts.allow && /etc/hosts.deny policy, /var/yp/securenets). NIS+ tried to do it better but got stuck on Sun servers (and I don't know how many people use it out there compared to plain NIS). Also, you need to be VERY careful with which UIDs you export (Red Hat takes care of that; I think it doesn't create maps for UIDs lower than 500, check the /var/yp/Makefile), otherwise you can have powerful accounts scattered across the net (like root).

2) It is not well suited for Internet-wide replication: if you have a large number of NIS clients, you have to run the ypxfrd daemon on every NIS slave if you want to have a decent NIS transfer (if the maps are large). LDAP is more scalable in that regard.

3) LDAP has better support for other third-party tools: many web applications (Servlets, PHP) use LDAP for authentication. This kind of support is not offered "out of the box" for NIS (but you can work that out, using JNDI for example). Also, LDAP supports a "tree"-like structure, something not possible with NIS (that's why NIS sucks as a replacement for a DNS server, for example), which only supports plain domains.

In my opinion NIS only works for very controlled environments with modest requirements.

Just my two cents :)

JV.

On Thu, 5 Sep 2002 16:22:26 -0300 (BRT) Fernando Lozano <[EMAIL PROTECTED]> wrote:

> John,
>
> > I am planning to deploy a multiple server configuration and have a
> > requirement to control user accounts, passwords, and system resources
> > from a central directory.
> >
> > LDAP seems to satisfy this requirement. I'm interested in any
> > opinions/experiences regarding LDAP as a central authentication server.
>
> LDAP is the more powerful option available, but you won't be able to use any nice
> front-end like linuxconf, webmin, the Red Hat User Manager, etc. It'll take some time
> and effort to deploy LDAP, especially if you have not used it before...
>
> NIS is a much easier setup and allows you to use most easy admin front-ends.
>
> []s, Fernando Lozano
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list

--
José Vicente Núñez Zuleta
Newbreak LLC System Administrator (http://www.newbreak.com)
Phone: 203-355-1511, 203-355-1510
Fax: 203-355-1512
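
An added example, not part of the original message or of any project's code: a Python audit for two of the points in item 1 above, checking that a served passwd map holds no UID below the Makefile's MINUID and that /var/yp/securenets has no "netmask network" rule matching every address. The sample file contents are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples of /var/yp/Makefile, `ypcat passwd` output and /var/yp/securenets.
SAMPLE_MAKEFILE = "# lowest uid put into the maps\nMINUID=500\nMINGID=500\n"
SAMPLE_PASSWD_MAP = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:501:501:Alice:/home/alice:/bin/bash
"""
SAMPLE_SECURENETS = """\
# netmask       network
255.0.0.0       127.0.0.0
0.0.0.0         0.0.0.0
255.255.255.0   192.168.10.0
"""

def min_uid(makefile_text, default=500):
    """MINUID from the Makefile when set to a literal number, else default."""
    m = re.search(r"^[ \t]*MINUID[ \t]*=[ \t]*(\d+)[ \t]*$", makefile_text, re.M)
    return int(m.group(1)) if m else default

def low_uid_entries(passwd_text, threshold):
    """(name, uid) for well-formed passwd entries with a UID below threshold."""
    found = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdecimal() and int(f[2]) < threshold:
            found.append((f[0], int(f[2])))
    return found

def world_open_rules(securenets_text):
    """Line numbers of 'netmask network' rules that match every address."""
    hits = []
    for lineno, line in enumerate(securenets_text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2 or parts[0] == "host":
            continue  # comment, blank line or single-host rule
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[0]}", strict=False)
        except ValueError:
            continue  # unparsable rule; left for manual review
        if net.prefixlen == 0:
            hits.append(lineno)
    return hits

if __name__ == "__main__":
    limit = min_uid(SAMPLE_MAKEFILE)
    print(limit, low_uid_entries(SAMPLE_PASSWD_MAP, limit), world_open_rules(SAMPLE_SECURENETS))
```

On a NIS server, pass the functions the real contents of the two files and the output of `ypcat passwd` in place of the samples.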