NIS overview - PowerPoint PPT Presentation

Slides: 6
Provided by: mpc69
Transcript and Presenter's Notes

Title: NIS overview


1
NIS overview
  • Centralized user/password pool
  • Before LDAP. NIS ypcat passwd reveals shadow
    password to John the dictionary cracker.
  • NIS OK in a trusted system (IAA). Master / slaves
    working fine.
  • NIS is easy to manage and maintain. Very robust
    commands for years. Graphics tool
    (system-config-users) ready.
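
The exposure noted in the second bullet can be audited without cracking anything. This is an added example, not part of the original slides: it reads passwd-format lines (on a NIS client, the output of `ypcat passwd`) and lists accounts whose password field holds a usable hash or is empty. The function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): find hashes exposed in a passwd-format map.

# Reads passwd(5) lines on stdin and prints "user<TAB>finding" for each entry
# whose second field is a crypt hash or is empty. Shadowed or locked entries
# (x, *..., !..., ##name, NP) are skipped.
audit_passwd_map() {
  awk -F: '
    NF < 7 || /^[#+-]/ { next }   # malformed lines, comments, NIS compat entries
    {
      pw = $2
      if (pw == "")                      kind = "EMPTY-PASSWORD"
      else if (pw == "x" || pw == "NP")  next
      else if (pw ~ /^[*!]/)             next
      else if (pw ~ /^##/)               next
      else if (pw ~ /^\$1\$/)            kind = "md5crypt"
      else if (pw ~ /^\$2[abxy]?\$/)     kind = "bcrypt"
      else if (pw ~ /^\$5\$/)            kind = "sha256crypt"
      else if (pw ~ /^\$6\$/)            kind = "sha512crypt"
      else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") kind = "descrypt"
      else                               kind = "unknown-format"
      printf "%s\t%s\n", $1, kind
    }'
}

# Constructed sample map; the password fields are placeholders, not real hashes.
sample_map() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:abCDEFGHIJKLM:1001:100:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$0123456789abcdefghijkl:1002:100:Bob:/home/bob:/bin/sh
carol:*LK*:1003:100:Carol:/home/carol:/bin/sh
dave::1004:100:Dave:/home/dave:/bin/sh
+::::::
EOF
}

# On a live NIS client: ypcat passwd | audit_passwd_map
sample_map | audit_passwd_map
```

Any account this prints has a hash that every client in the NIS domain can read, so those are the ones to prioritize when moving to a directory with password ACLs.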

2
Why LDAP after all the good old years
  • OpenLDAP (Lightweight Directory Access Protocol)
    ready on Linux/Solaris. Subset of the complex X.500
    protocol.
  • Sun ONE, Microsoft AD, Novell eDirectory, Linux
    OpenLDAP.
  • Centralized database of information. Database
    backends to choose from. User right
    authorization. ACL for password. Management GUI
    (ldap administrator(), phpldapadmin,
    ldapbrowser (tiara/hilo)) fine.
  • Must use crypt as password hash function. /etc/
    migration tools ready. slapd/slurpd (master
    /slave) structure as NIS.
  • Solaris native LDAP client support buggy.
    Recompile OpenLDAP client on Sun.

3
Applications support for ldap
  • PKI an introduction. Self-signed CA.
  • OpenLDAP plus openradius for wireless LAN and VPN
    authentication. Single sign-on power.
  • Email (revolution, etc.) address book lookup and
    authentication. Web user sign-on. Printer
    name/IP. Automount.
  • LDAPS (TLS/SSL) provides strong security (the client
    can also use a certificate to identify itself).
    Default is cleartext!

4
Windows/Mac users
  • Do we really need it? Active Directory seems
    better suited for M. LDAP for Mac OK.
  • Add-on application pGina to talk to the LDAP server.
  • Samba as public domain controller. Popular among
    poor MIS units. Account transition tools to
    OpenLDAP accounts ready. Needs to create all new
    accounts.

5
Plan
  • Coexist with NIS servers for current uids for
    transition period.
  • Ldap is I/O bound, not cpu intensive. Araid 2600
    for OS/data. Plus a slave.
  • AD for MS Windows. Environment mature.
  • OpenLDAP HA (highly available)?
  • LDAP very complicated. Learn by doing.