From owner-freebsd-security Tue Apr 9 7:52:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from roble.com (mx0.roble.com [206.40.34.14]) by hub.freebsd.org (Postfix) with ESMTP id 2A56E37B405 for ; Tue, 9 Apr 2002 07:52:45 -0700 (PDT) Received: from gw.netlecture.com (gw.netlecture.com [206.40.34.9]) by roble.com with ESMTP id g39EqdQ27217 for ; Tue, 9 Apr 2002 07:52:39 -0700 (PDT) Date: Tue, 9 Apr 2002 07:52:38 -0700 (PDT) From: Roger Marquis To: security@FreeBSD.ORG Subject: Re: Centralized authentication In-Reply-To: Message-ID: <20020409073815.Q26460-100000@roble.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Samuel Chow wrote: > How about NIS? I use it at home with a total > of two machines and one users. I've used NIS with over 30,000 users, and adminitered 2 domains with over 2,500 users and experienced near zero problems. NIS+ may be a bit more difficult given it's Kerberos roots but it is being used successfully in shops with hundreds of NIS+ accounts and hosts. Adminning Sun NIS servers and clients is neither difficult nor complicated even with NFS and automount. Not sure if the same is true for FreeBSD servers however. The drawback to NIS is that it is not secure enough for many environments and does not support password aging. The best tool for this job (directory services) IMO is LDAP. Over the past couple of years it has matched NIS for reliability and clearly is the future direction of the industry. -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message