[BBLISA] Pros and cons of NIS
Bob Keyes
bob at sinister.com
Tue Oct 3 13:55:33 EDT 2006
On Tue, 3 Oct 2006, Mohan Ramanujan wrote:
> During a recent network filer upgrade we ran into issue where our NIS
> service would not work. We eventually fixed it, but that lead to a
> discussion on whether we should use something better than NIS.
>
> We would like to get your opinion on merits and demerits of NIS from any
> experience and knowledge you may have. Thank you.
Firstly, I hope you are using NIS+ instead of NIS. Otherwise, there are
some serious security concerns.
I recommend Kerberos as a replacement. It is supported by many OSs, is
quite secure, and there are many tools to manage it. There's probably even
tools for migration from NIS/NIS+.
Anecdote: Back in 2001 I was doing wifi security research for a company in
Kendall Square. Part of this work involved logging and dissassembling WiFi
packets in the air. I unintentially captured wifi packets from the
neighboring company, including NIS packets which had the password hash for
root. Noting that it was using an outdated and insecure hash method, I put
a password cracker to work on it and cracked it within two hours!
Needless to say, I warned their IT department about NIS and Wifi.
More information about the bblisa
mailing list