Re: Best way to serve home directories?

[Nico De Ranter <nico sonycom com>]

> Hi all,
> 
> I have a RH 5.2 box that, among other things, is to serve up home
> directories for other Linux and 'doze boxes.  I thought at first using
> NIS was the way to go, but learned that it is insecure.  Since

NFS is insecure too.  It largely depends on what you want to do and what you want
to protect from.  If the Internet is your problem then NIS should be OK as
long as you don't allow it to go through the firewall.  NIS works either
through broadcast or with 1 or more specified servers ( I don't know whether
Linux supports this).  So if somebody sets up a new NIS server INSIDE your network
he/she might takeover your machines by providing false password information.

So if you're fairly confident in your local network, I'd say go for it.  It definitely
is the easiest solution.

> eventually I want to be connected to the Internet all the time, I gave
> up on that idea.  BTW, I have a gateway machine running ipfwadm.  So
> next I tried just doing an NFS export of home directories, but due to
> UID conflicts between the different Linux machines, that didn't work. 

That's even more insecure :-)

> Any ideas on what to try next?  TIA.

* If you have a very small network you might wanne try just copying the password and group
files :-).
* try NIS+ (is this available on Linux?) it's safer I heard but a lot more difficult
to implement as NIS


Nico

-- 
-----------------------------------------------
system failure ... hit any user to continue ...
-----------------------------------------------
Nico De Ranter
Sony Service Center (PSDC-B/DNSE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico deranter sonycom com