From owner-freebsd-questions Sun Mar 16 23:09:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA25653 for questions-outgoing; Sun, 16 Mar 1997 23:09:24 -0800 (PST) Received: from starfire.mn.org (root@starfire.skypoint.net [199.86.32.187]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA25634 for ; Sun, 16 Mar 1997 23:09:14 -0800 (PST) Received: (from john@localhost) by starfire.mn.org (8.8.5/1.1) id BAA13749; Mon, 17 Mar 1997 01:09:10 -0600 (CST) Message-ID: Date: Mon, 17 Mar 1997 01:09:10 -0600 From: john@dexter.starfire.mn.org (John Lind) To: questions@freebsd.org Subject: Instead of NIS -- what? X-Mailer: Mutt 0.53 Mime-Version: 1.0 Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk We have fallen prey to the inherent security flaw in NIS -- that the encrypted passwords CAN be gotten (and then hacked at by the means of choice). Is there an alternative for providing multi-host authentication? That is, to share a password database? I thought that Kerberos was such, until I started reading the documentation on it, which now sounds otherwise. Can someone please help straigten me out on this? I check the handbook, and while it gives pretty good cook-book examples of how to set it up, it pretty much skips the how and why (suitability, why you do or do not want it, strengths and weaknesses, etc). I checked the main kerberos web pages and documents, and they almost make it sounds like this is not a suitable use of kerberos, or at least that kerberos in and of itself doesn't provide this functionality. Please reply directly, as I do not subscribe to this list. Thanks! John Lind, Starfire Consulting Services E-mail: john@starfire.MN.ORG USnail: PO Box 17247, Mpls MN 55417