On Tue, 18 Aug 2009, Jesús M. Navarro wrote:
PS: You know that NIS is an unsecure protocol only to be used if you are absolutly convinced you are tightly controlling all the clients that can attach to the network, do you?
There are still good reasons to run NIS, and it can be done securely (even without NIS+). My setup has no passwords in the NIS maps - authentication is handled via KRB, LDAP, or AFS (depending upon the OS and level). A user can't get any more information from ypcat/ypmatch than they could from getent. I actually populate NIS from LDAP.
The roughly equivalent to an AD-based Windows network, security and functionality-wise, would be LDAP+Kerberos+NFSv4 (plus a whole lot of other "minor" services like DNS, DHCP, automounters, cups, puppet, a local CA, etc.).
Indeed, that is the basis of my work & home network - and I'll be sticking with that instead of moving towards Samba 4. -- Rick Nelson Moonchild without an opinion? Satan is skating to work tomorrow! -- Brett Manz