I received a lot, I mean a lot, of requests after I had published my 3 last posts about the storage of NIS maps in Active Directory [ KUG – – AHi ] – The main problem was my posts are in French 😉 and a lot of people tried to use Google Translate to get it, but it wasn’t perfect.
So, from the popular demand, I decided to translate it in English.
These organizations have a « IT history », from years, and a lot of very important information still remain in the NIS maps (automount, etc.) So, the goal is to use Kerberos/LDAP for authentication/authorization services and a NIS Gateway service which expose to NIS client the maps NIS which are stored in Active Directory.
Using this way, we get the best of the two worlds, we can secure the authentication with Kerberos and the organization is able to continue to use the NIS maps for the legacy needs.
NIS is slightly more complex as it uses encryption for the data transfers between the NIS server and NIS client.
Regular NIS does not use encryption, thus it should only be used for isolated or private networks protected by a firewall.
Currently, when a user is added to the lab, the process must be repeated on all 15 machines.
For sure, it is very bad to use NIS authentication and NIS authorizations, it is really better to use Kerberos ad LDAP instead.
I will not go in the details now, but it is true that NIS is not something secured, however, the fact to totally eliminate the NIS Services is impossible for a lot of organizations.
English is not my native language, so sorry in advance if you will find some ‘bugs’ in the text.
As I explained in one of my last post (sorry again in French !Here are instructions for remaking a sample NIS map called NIS intelligently parses the setup files.