[ILUG] Deleting Multiple Users at Once

[Conor Wynne]

On Tue, 12 Sep 2006 19:27:44 +0100, Stephen Shirley <diamond at skynet.ie>  
wrote:

> On 12/09/06, conor at discuskeeping.com <conor at discuskeeping.com> wrote:
>> Eeuuh NIS, use LDAP people.
>
> Not everyone wants or needs LDAP.

But is NIS not inheriently insecure? Sure we went on enough about IPV6, at  
least there are
valid security reasons for going with LDAP. :-)

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-server-nis.html

"NIS is rather insecure by todays standards. It has no host authentication  
mechanisms and passes all of its information over the network unencrypted,  
including password hashes. As a result, extreme care must be taken to set  
up a network that uses NIS. Further complicating the situation, the  
default configuration of NIS is inherently insecure"

OK, in this scenario -> a lab, it really does not matter, but LDAP is a  
doddle to setup these days (especially on SUSE boxen)

Mind you, Microsoft use NIS for there _shoddy_ services for UNIX product.  
Its really crap I'll tell you.
Especially for a company which pushes AD/kerberos/security and all. The  
mind boggles. (little rant there)

"One of the most glaring flaws inherent when NIS is used for  
authentication is that whenever a user logs into a machine,
a password hash from the /etc/shadow map is sent over the network"

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/ch-kerberos.html#S1-KERBEROS-DEFINITION
http://web.mit.edu/kerberos/www/

Hmm, kerberos.

> Steve

Regards,
Conor