From owner-freebsd-security  Tue Apr  9  8: 2:58 2002
Delivered-To: freebsd-security@freebsd.org
Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42])
	by hub.freebsd.org (Postfix) with ESMTP id 0080E37B41C
	for <security@FreeBSD.ORG>; Tue,  9 Apr 2002 08:02:53 -0700 (PDT)
Received: (from avalon@localhost)
	by caligula.anu.edu.au (8.9.3/8.9.3) id BAA10372;
	Wed, 10 Apr 2002 01:02:44 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200204091502.BAA10372@caligula.anu.edu.au>
Subject: Re: Centralized authentication
To: marquis@roble.com (Roger Marquis)
Date: Wed, 10 Apr 2002 01:02:44 +1000 (Australia/ACT)
Cc: security@FreeBSD.ORG
In-Reply-To: <20020409073815.Q26460-100000@roble.com> from "Roger Marquis" at Apr 09, 2002 07:52:38 AM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In some mail from Roger Marquis, sie said:
> 
> Samuel Chow wrote:
> > 	How about NIS?  I use it at home with a total
> > 	of two machines and one users.
> 
> I've used NIS with over 30,000 users, and adminitered 2 domains
> with over 2,500 users and experienced near zero problems.  NIS+
> may be a bit more difficult given it's Kerberos roots but it is
> being used successfully in shops with hundreds of NIS+ accounts
> and hosts.  Adminning Sun NIS servers and clients is neither
> difficult nor complicated even with NFS and automount.  Not sure
> if the same is true for FreeBSD servers however.

Where I work, we have experience with a production NIS+ database of
double the size you have for NIS.  After many requests to Sun, we're
given the impression that they know of nobody else using NIS+ to such
a large scale (even to the 1000s or 10,0000s).  NIS+ is secure, if you
don't have to do NIS, but you must get all your procedures *correct*,
especially when changing passwords, or you are "fucked".

Darren
p.s. sorry for the french, but I believe that sums it up perfectly.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message