[rescue] Sol10 U4 info from Sun
Meelis Roos
mroos at linux.ee
Wed Aug 15 15:03:23 CDT 2007
> NIS+ was just created for a specific LARGE customer that needed it.

Well, we (or rather they) tried to use it at Tartu University, Estonia.
During some of the first Solaris releases it was weak and unstable for us
(plus the learning curve). Like adding a backup server when the primary went
down - should have helped, but it actually took down the secondary
server along with the primary. Sometime around 2.4 or 2.6 it became
stable and our admin got a good-enough grasp of it - but then some other
departments were added (around 9000 accounts and around 10 subdomains
total) and it seemed we grew out of it again. Like a race, with us adding
users and Sun fixing NIS+. We seemed to be too big a customer, and that
was strange - a simple university.

Well, there was a saying at our CS department, something like this:
"NIS and NFS, we all know them. NIS is when you are asked for extra
password and NFS is when your home directory is missing".

The security of NIS+ was also lacking - the DH private key table was open
to the world and its encryption was crippled to 40 bits, so one of our
university department admins demonstrated how he could easily crack
around 6% of users' passwords from home, outside any University network.
We had some custom wrappers there but as I understand it, this kind of
security problem was never fixed.

We migrated to LDAP several years ago and never looked back.
--
Meelis Roos (mroos at linux.ee)