NIS+ to LDAP Migration Guide

Overview of NIS+ to LDAP Migration
Comparing Features and Security Between LDAP-UX and NIS+
access the database. The LDAP server provides global account and
password policies to LDAP-enabled clients and applications. There are
some feature differences between LDAP and NIS+.
Table 1-1 compares features between LDAP and NIS+:
Security Comparison Between LDAP-UX and NIS+
This section compares the security of NIS+ and LDAP:

- NIS+ uses SecureRPC with Diffie-Hellman authentication. This mechanism uses public/private key pairs that are 192 bits long. It is an old mechanism that has been shown to be easily compromised.

- With the LDAP-UX product, the HP-UX operating system can use an LDAP directory for centralized security policy enforcement, authentication and authorization. LDAP-UX supports the simple and SASL Digest-MD5 methods for user and proxy authentication. SSL is also supported for secured communication between an LDAP client and the directory server. With SSL support, the LDAP-UX Client provides a more secure way to protect the password over the network. SSL is a more robust scheme than SecureRPC.

Table 1-1 Features Comparison between LDAP and NIS+

Feature                         NIS+   LDAP
hierarchical data               yes    yes
dynamic updates                 yes    yes
dynamic replication             yes    yes
access control list             yes    yes
complex data                    no     yes
multiple master replication     no     yes
trusted system mode on HP-UX    yes    a
account/password policies       yes    yes

a. LDAP-UX Client Services version B.03.30 or later supports coexistence with Trusted Mode.