Re: Replacement for NIS? (was Re: Obtaining NIS domainname from

[beck () cs ualberta ca (Bob Beck)]

> > > [.. NIS sucks dead bunnies through bent straws ..]
> > [.. But Wait, doesn't new NIS not suck? .. ]
>
> Any user on the legal hosts still can get encrypted passwords.

        This one is still a problem is most cases.. but see below..
It depends on if you trust of your users, and if you don't, at least
to this degree, you have other problems.

> No password aging and password quality control mechanism in heterogenious
> environments.

        You can do this decently with anlpasswd, which includes a Yellow
Plague (NIS) backend to do the passwd changes. all you have to do is 
replace the yppasswd/passwd commands. Works reasonably well in our
heterogenous environment (A maze of twisty little unix versions, all 
different) 

> The host based access control in ypserv can be easily circumvented by adding
> your own system to the local LAN and spoofing an address.

        If I can add my own system to the local LAN, I can just sniff
packets and grab the plaintext of them as they cross the net, not like
it's even hard, so unless all your stuff is encrypted the fact that
you can grab a Yellow Plague map by plugging in another machine is
almost meaningless, If you can plug in another machine, you're hosed
anyway, with or without Yellow Plague.

        Not to mention, that even if your systems are very well looked
after, chances are very good there is at least one or two holes your
vendor has blessed you with that will allow a local user to get root.
(If they're not very well looked after you can just about guarantee
it). Meaning they may be able to sniff the net anyway.

> The changes sure protect against attacks from remote sites, but local
> security is still very low.

        My NSHO, It depends if you do or don't consider equivalent
access.  While not impossible, it's still very difficult to set up a
large scale shared environment with a network where the physical
access problems, or problems with protocols themselves which are
designed for a trusted environment don't make it difficult or
impossible to do it if you do not have any degree of trust to your
users. Realisticly, if you want to run Yellow Plague, you're probably
already talking about a relatively "trusting" environment, with a
number of hosts. You're probably exporting filesystems, sharing a
likely physically insecure network, stuff like that. If you've already
got things like that, and you're worried about the (in)security level
of Yellow Plague, you've got other equivalent things to worry about,so
you have to decide that either:

        1) You have some degree of trust and conditions of use on
        your users.

        2) If you don't you don't run YP (NIS), but at the point where
you decide you're not gonna run YP you've got a lot of other things you
shouldn't be doing too.  Otherwise, worrying about YP is just locking 
a door and leaving the windows wide open (with flashing lights and signs
pointing to them :)