On Sat, 2 Oct 2021 08:42:02 -0400
Demi Marie Obenour <demiobenour(a)gmail.com> wrote:
How many of these can be solved by tunneling everything in a WireGuard
mesh network, and using nftables rules to prevent spoofing?
Sounds harder than setting up NIS+, which was supposed to solve many
of these issues 30 years ago, but still has not displaced NIS. Even
if one can secure NIS on the network, that still leaves the issue of
`ypcat passwd`.
These days, I think FreeIPA or Active Directory are the best choices,
but both are complicated and possibly too much for a SO/HO, workgroup,
or departmental sysadmin. AD has the advantage of supporting Windows,
MacOS, and Samba; the last time I looked FreeIPA was not good at this.
Jim