Date: Thu, 10 Aug 2006 20:41:07 -0600 From: Tillman Hodgson <tillman@seekingfire.com> To: freebsd-questions@freebsd.org Subject: Re: NIS and Kerberos 5 : is it possible / smart? Message-ID: <20060811024107.GW2959@seekingfire.com> In-Reply-To: <44DBD3E2.5060609@u.washington.edu> References: <44D3AD1E.5010807@u.washington.edu> <9aa9fc180608101132i68956d5fg2bae5f411c6ad9f8@mail.gmail.com> <44DBD3E2.5060609@u.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On 8/4/06, Garrett Cooper <youshi10@u.washington.edu> wrote: > >> Hi all, > >> Just wondering if it's possible for NIS and Kerberos 5 to work in > >> tandem with one another, such that NIS would handle groups and > >> configuration file management and Kerberos would handle authentication > >> only. Also, is this sort of overkill perhaps, where NIS is not really > >> needed? > >> I basically have 3+ machines (2 desktops, 1 laptop, currently), and > >> I want to keep my credentials and information uniform across the > >> machines as much as possible. The network I would be implementing this > >> on is a low-traffic, private network. (sorry for hijacking another persons reply, but I didn't have the original post available to reply to) Kerberos works fine with NIS. It's more secure if you run both over IPsec (host-to-host transport mode for the local network) because that ensures that the NIS maps themselves maintain integrity (secrecy isn't needed with them, integrity is), though it's not necessary for many environments. This has come up on these lists a few times in the past. Here's some links to the threads in the archives: http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018487.html http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018838.html http://archives.neohapsis.com/archives/freebsd/2003-09/0224.html -T -- "Who would have suspected that life was all going to turn out well?" -- Robert Allen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811024107.GW2959>