NIS and Kerberos 5 : is it possible / smart?

Tillman Hodgson tillman at seekingfire.com
Fri Aug 11 02:41:10 UTC 2006


> > On 8/4/06, Garrett Cooper <youshi10 at u.washington.edu> wrote:
> >> Hi all,
> >>     Just wondering if it's possible for NIS and Kerberos 5 to work in
> >> tandem with one another, such that NIS would handle groups and
> >> configuration file management and Kerberos would handle authentication
> >> only. Also, is this sort of overkill perhaps, where NIS is not really
> >> needed?
> >>     I basically have 3+ machines (2 desktops, 1 laptop, currently), and
> >> I want to keep my credentials and information uniform across the
> >> machines as much as possible. The network I would be implementing this
> >> on is a low-traffic, private network.

(sorry for hijacking another person's reply, but I didn't have the
 original post available to reply to)

Kerberos works fine with NIS. It's more secure if you run both over
IPsec (host-to-host transport mode for the local network) because that
ensures that the NIS maps themselves maintain integrity (secrecy isn't
needed with them, integrity is), though it's not necessary for many
environments.

This has come up on these lists a few times in the past. Here are some
links to the threads in the archives:

http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018487.html
http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018838.html
http://archives.neohapsis.com/archives/freebsd/2003-09/0224.html

-T


-- 
"Who would have suspected that life was all going to turn out well?"
    -- Robert Allen

