[TUHS] YP / NIS / NIS+ / LDAP
Grant Taylor
gtaylor at tnetconsulting.net
Tue Nov 6 05:27:29 AEST 2018
On 11/05/2018 12:24 AM, Mantas Mikulėnas wrote:
> There was `ypcat passwd`, wasn't there?
I suppose. I don't have any first hand experience with NIS(+). So I'm
trying to learn vicariously through others before I dive into any end of
pool that is my lab network.
> I would say that expecting to just pull password hashes from the directory
> service – using it as nothing more than networked /etc/shadow – is
> a bad approach to begin with. Let the client handle authentication via
> Kerberos (or via whatever else is apropriate for AD).
I think I naively thought there was some level of detail(s) sent between
the client and the server such that the server would only return the
pertinent information of the user being ypcated. Thus (hopefully)
preventing seeing other people's shadow information.
> Could you elaborate on that?
I thought that I'd seen equipment that /only/ used LDAP but had
templates for the query to sidle up to AD's LDAP and things just worked.
I.e. you filled in enough details so that the template could construct
the proper LDAP query.
This obviously is not joined to an AD domain and is really just an LDAP
client. (No Kerberos.)
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/1eeb9543/attachment.bin>
More information about the TUHS
mailing list