188.8.131.52. Use Kerberos Authentication
One of the issues to consider when NIS is used for authentication is that whenever a user logs into a machine, a password hash from the `/etc/shadow` map is sent over the network. If an intruder gains access to an NIS domain and sniffs network traffic, they can collect usernames and password hashes. With enough time, a password cracking program can guess weak passwords, and an attacker can gain access to a valid account on the network.
Since Kerberos uses secret-key cryptography, no password hashes are ever sent over the network, making the system far more secure. Refer to Section 48.6, “Kerberos” for more information about Kerberos.
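
To find hosts that still fetch account data, and therefore password hashes, from NIS, the following added example (not part of the original guide) reports every `passwd` or `shadow` source in an `nsswitch.conf`-style file that resolves through NIS. The function name `nis_auth_sources` and the sample file are constructed; the glibc file format is assumed, and the check also reports `compat`, which the guide does not mention but which can pull entries from NIS.

```shell
#!/bin/sh
# Added example; nis_auth_sources is a hypothetical helper name.
# Usage: nis_auth_sources FILE   (FILE in glibc nsswitch.conf format)
# Prints "database:source" for each passwd/shadow source that is nis,
# nisplus or compat (compat can pull "+" entries from NIS).
# Returns 1 if anything was printed, 0 otherwise.
nis_auth_sources() {
    awk '
    {
        sub(/#.*/, "")                      # drop comments
        i = index($0, ":")
        if (i == 0) next                    # not a "database: sources" line
        db = substr($0, 1, i - 1)
        gsub(/[ \t]/, "", db)
        if (db != "passwd" && db != "shadow") next
        # Action items such as [NOTFOUND=return] never equal a source name.
        n = split(substr($0, i + 1), src, /[ \t]+/)
        for (k = 1; k <= n; k++)
            if (src[k] == "nis" || src[k] == "nisplus" || src[k] == "compat") {
                print db ":" src[k]
                found = 1
            }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
shadow:     files nis
group:      files
hosts:      files dns
EOF

if findings=$(nis_auth_sources "$sample"); then
    echo "passwd and shadow are not served by NIS"
else
    echo "account data is looked up through NIS:"
    echo "$findings"
fi
rm -f "$sample"
```

On a real host, pass `/etc/nsswitch.conf` as the argument; a non-zero exit status marks a machine to migrate to Kerberos authentication.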