[OpenAFS] Distributing passwd
Derek Atkins
warlord@MIT.EDU
11 Jun 2003 12:48:45 -0400
Stephen Joyce <stephen@physics.unc.edu> writes:
> It would be wise to think twice (or more!) before deploying NIS due to
> security concerns.
Ok, what security concerns? The encrypted password isn't stored there
(we use Kerberos) -- you can just put a '*' in there. So, what
particular concerns about NIS are you worried about?
> Have you considered simply storing master copies of your passwd, group,
> hosts files, etc in AFS and having each client regularly update its local
> copy from the master?
Ok, how is this any more secure than NIS? Your client isn't authenticating
or encrypting this traffic any more than NIS is.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available