Obtaining NIS domainname from Gatorbox

Dennis Glatting (dennisg@CyberSAFE.COM)
Sat, 15 Apr 1995 22:18:48 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert M. Haas: "Re: passwd hashing algorithm"
Previous message: Benjamin Cline: "Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)"
Next in thread: der Mouse: "Re: Obtaining NIS domainname from Gatorbox"

> From: Tim Scanlon <tfs@vampire.science.gmu.edu>
> Date: Thu, 13 Apr 95 20:21:33 -0400
> 

> der Mouse wrote:
> 

> > > Maybe a good reason to join the crowd and not run NIS?
> >
> > I wish.  It's clear to me that NIS is a big problem.  But what else is
> > out there?  We have a definite need to share passwd databases across
> > many machines, from multiple vendors, none of which we have source
> > code to.  How close to a solution can we get?
> 

> There's also NeXT Inc's Netinfo. It's been ported to all
> sorts of other platforms by a company called xedoc.com (I
> think it's xedoc.com.au, as they're down under.) I would
> reccomend taking a serious look at it as an alternate. It
> has more security to it than standard NIS hands down. And
> it's a hell of alot easier to administer than either NIS or
> NIS+, and is far, far more flexible. 

> 

> I've worked extensivly with both, and allthough I will
> readily admit I prefer the NeXT GUI and other aspects of it
> over SunOS, I'm still objective enough to realize that
> there are areas an applications where on OS is going to be
> better than another for certain things. (Like if I'm
> going to do graphics, I'd prefer an SGI over most anything
> else out there) Basicly what I'm trying to say is while I
> belive I'm being very, very objective about my opinions
> on it, don't take my word for it, check it out on your own in
> depth. 

> 

> By no means is it "NIS" but it performs all the same
> functions, plus alot more. I think there may be aspects of
> NIS+ that might be a bit better, like encrypted transfer
> of password maps, but I havn't had the same level of
> experience with NIS+ so I don't want to get into
> comparison there. 

> 

> I would reccomend it completly as being worthy of serious
> consideration as an alternate to NIS, especially in a
> multivendor enviornment that would preclude running
> NIS+ at all or easily. The Xedoc product supports a wide
> variety of vendors systems too. So that's a big plus. 

> 

> One of the best things I can say for it is, I've never heard
> of anyone using, making, or otherwise grabbing a
> password map from netinfo from a totaly alien machine...
> If anyone's heard of this being done, I'd love to hear how &
> under what circumstances. I'm not saying it's not
> possible, but I've seen netinfo frustrate more than one
> hacker, even when they got on a machine using it via other
> means. 

> 


NetInfo isn't as secure as you think. 



-dpg

Next message: Robert M. Haas: "Re: passwd hashing algorithm"
Previous message: Benjamin Cline: "Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)"
Next in thread: der Mouse: "Re: Obtaining NIS domainname from Gatorbox"