nis security
Tillman Hodgson
tillman at seekingfire.com
Mon Sep 8 21:25:04 PDT 2003
On Mon, Sep 08, 2003 at 10:28:17PM -0500, Dan Nelson wrote:
> In the last episode (Sep 08), Tillman Hodgson said:
> > > > I'm a bit biased, however: I use NIS with Kerberos and think it's the
> > > > cats pajamas :-)
> > >
> > > This sounds exactly like what we are looking for. Can you point us
> > > to any docs explaining how you do this??
> >
> > The rough instructions are fairly simple:
> >
> > * Set up Kerberos and ensure you have a working realm
> > * Set up NIS, but set all the passwd fields to something that doesn't
> > map to a real password (I like 'krb5', others like '*')
>
> You can do something similar with LDAP, by using pam_ldap for
> authentication and NIS for the rest of the user info lookup.
That seems like a backwards use of LDAP to me - If I was going to use
LDAP, I'd rather use Kerberos for authentication and LDAP to provide the
user info lookup :-)
(This is essentially what active directory is, and combined with
Kerberos cross-realm authentication can make for some pretty neat single
sign on solutions)
-T
--
Love is the highest achievement to which any human may aspire. It is an
emotion that encompasses the full depth of heart, mind, and soul.
- Zensunni Wisdom from the Wandering
More information about the freebsd-questions
mailing list