Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 10 Aug 2006 20:41:07 -0600
From:      Tillman Hodgson <tillman@seekingfire.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: NIS and Kerberos 5 : is it possible / smart?
Message-ID:  <20060811024107.GW2959@seekingfire.com>
In-Reply-To: <44DBD3E2.5060609@u.washington.edu>
References:  <44D3AD1E.5010807@u.washington.edu> <9aa9fc180608101132i68956d5fg2bae5f411c6ad9f8@mail.gmail.com> <44DBD3E2.5060609@u.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
> > On 8/4/06, Garrett Cooper <youshi10@u.washington.edu> wrote:
> >> Hi all,
> >>     Just wondering if it's possible for NIS and Kerberos 5 to work in
> >> tandem with one another, such that NIS would handle groups and
> >> configuration file management and Kerberos would handle authentication
> >> only. Also, is this sort of overkill perhaps, where NIS is not really
> >> needed?
> >>     I basically have 3+ machines (2 desktops, 1 laptop, currently), and
> >> I want to keep my credentials and information uniform across the
> >> machines as much as possible. The network I would be implementing this
> >> on is a low-traffic, private network.

(sorry for hijacking another persons reply, but I didn't have the
 original post available to reply to)

Kerberos works fine with NIS. It's more secure if you run both over
IPsec (host-to-host transport mode for the local network) because that
ensures that the NIS maps themselves maintain integrity (secrecy isn't
needed with them, integrity is), though it's not necessary for many
environments.

This has come up on these lists a few times in the past. Here's some
links to the threads in the archives:

http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018487.html
http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018838.html
http://archives.neohapsis.com/archives/freebsd/2003-09/0224.html

-T


-- 
"Who would have suspected that life was all going to turn out well?"
    -- Robert Allen

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811024107.GW2959>