[rescue] Sol10 U4 info from Sun

Meelis Roos mroos at linux.ee
Wed Aug 15 15:03:23 CDT 2007

> NIS+ was just created for a specific LARGE customer that needed it.

Well, we (or rather they) tried to use it at Tartu University, Estonia. 
During some first Solaris releases it was weak and unstable for us (plus 
the learning curve). Like adding a backup server when the primary went 
down - should have helped, but it actually took down the secondary 
server alogn with the primary. Sometime around 2.4 or 2.6 it became 
stable and our admin got good-enough grasp of it - but the some other 
departments were added (around 9000 accounds and around 10 subdomains 
total) and it seemed we grew out of it again. Like a race, we adding 
users and Sun fixing NIS+. We seemed to be a too big customer, and that 
was strange - a simple university.

Well, there was a saying at our CS department, something like this:
"NIS and NFS, we all know them. NIS is when you are asked for extra 
password and NFS is when your home direcotry is missing".

The security of NIS+ was also lacking - DH private key table was open 
to the world and its encrpytion was crippled to 40 bits so one of our 
univeristy department admins demonstrated how he could easily crack 
around 6% of users passwords from home, outside any University network. 
We had some custom wrappers there but as I understand this kind of 
security problem was never fixed.

We migrated to LDAP several years ago and never looked back.

Meelis Roos (mroos at linux.ee)

More information about the rescue mailing list