NIS+ to LDAP Migration Guide
Overview of NIS+ to LDAP Migration
Comparing Features and Security Between LDAP-UX and NIS+
• NIS+ can hide passwords from users and supports Trusted Mode to
offer extensive password and account policies. However, the passwords
are sent in clear text over the network.
With LDAP support, passwords can be hidden from users. Passwords
can also be hashed to protect them. The LDAP directory server
supports the UNIX-crypt, SHA, and SSHA hashing methods. Although
SASL DIGEST-MD5 protects passwords over the network during
authentication, it requires passwords to be stored in clear text
in the directory server.
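The following is an added example, not code from this guide or from LDAP-UX. It shows how a directory server can verify a received password against a {SHA} or {SSHA} value, and why the RFC 2831 DIGEST-MD5 response cannot be computed from such a value. The function names, user, realm, nonce and URI values are constructed for illustration.

```python
import base64, hashlib, hmac, os

def ssha(password: bytes, salt: bytes = b"") -> str:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_hashed(stored: str, candidate: bytes) -> bool:
    """Check a password the server received against a {SHA} or {SSHA} value."""
    scheme, _, b64 = stored.partition("}")
    if scheme not in ("{SHA", "{SSHA"):
        raise ValueError("unsupported scheme")
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]  # SHA-1 is 20 bytes; {SHA} has an empty salt
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def digest_md5_response(user, realm, password, nonce, cnonce, uri,
                        nc=b"00000001", qop=b"auth") -> str:
    """RFC 2831 response value; the password itself is an input to A1."""
    md5 = hashlib.md5
    a1 = md5(b":".join([user, realm, password])).digest() + b":" + nonce + b":" + cnonce
    a2 = b"AUTHENTICATE:" + uri
    kd = b":".join([md5(a1).hexdigest().encode(), nonce, nc, cnonce, qop,
                    md5(a2).hexdigest().encode()])
    return md5(kd).hexdigest()

def server_expected_response(stored: str, user, realm, nonce, cnonce, uri):
    """Value the server compares with the client's response, or None when the
    stored password is hashed (simplification: a leading '{' marks a hash)."""
    if stored.startswith("{"):
        return None  # SHA-1 output cannot be turned back into the A1 input
    return digest_md5_response(user, realm, stored.encode(), nonce, cnonce, uri)

# Constructed sample values, not taken from any real system.
SAMPLE = dict(user=b"jdoe", realm=b"example.com", nonce=b"srvnonce123",
              cnonce=b"clinonce456", uri=b"ldap/ldap.example.com")

def demo():
    client = digest_md5_response(password=b"s3cret", **SAMPLE)
    return {
        "ssha_verifies": verify_hashed(ssha(b"s3cret"), b"s3cret"),
        "digest_with_cleartext": server_expected_response("s3cret", **SAMPLE) == client,
        "digest_with_ssha": server_expected_response(ssha(b"s3cret"), **SAMPLE),
    }

if __name__ == "__main__":
    print(demo())
```
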
Table 1-2 compares security between LDAP-UX and NIS+:
Table 1-2 Security Comparison between LDAP-UX and NIS+
Security                                NIS+ with Trusted Mode   LDAP-UX Coexisting with Trusted Mode
--------------------------------------  -----------------------  ------------------------------------
last login reporting                    yes                      local accounts only
auditing                                yes                      yes
account expiration                      yes                      a
administrative account lock             yes                      a
lock account due to max failed logins   yes                      a
option to disallow null passwords       yes                      a
auto-generated passwords                yes                      a
password history                        yes                      a
boot authentication                     local accounts only      local accounts only
lock device due to max failed logins    yes                      local accounts only
time-of-day login restrictions          yes                      a
who last changed the password           yes                      a
long passwords                          local accounts only      a