
Overview of NIS+ to LDAP Migration
Comparing Features and Security Between LDAP-UX and NIS+
access the database. The LDAP server provides global account and password policies to LDAP-enabled clients and applications. There are some feature differences between LDAP and NIS+.
Table 1-1 compares features between LDAP and NIS+:
Table 1-1 Features Comparison between LDAP and NIS+

| Feature | NIS+ | LDAP |
| --- | --- | --- |
| hierarchical data | yes | yes |
| dynamic updates | yes | yes |
| dynamic replication | yes | yes |
| access control list | yes | yes |
| complex data | no | yes |
| multiple master replication | no | yes |
| trusted system mode on HP-UX | yes | a |
| account/password policies | yes | yes |

a. LDAP-UX Client Services version B.03.30 or later supports coexistence with Trusted Mode.
Security Comparison Between LDAP-UX and NIS+
This section compares the security of NIS+ and LDAP:
• NIS+ uses SecureRPC with Diffie-Hellman authentication. This mechanism uses public/private key pairs that are 192 bits long. It is an old mechanism that has been shown to be easily compromised.
• With the LDAP-UX product, the HP-UX operating system can use an LDAP directory for centralized security policy enforcement, authentication and authorization. LDAP-UX supports simple and SASL Digest-MD5 for user and proxy authentication. SSL is also supported for secured communication between an LDAP client and the directory server. With SSL support, the LDAP-UX Client provides a more secure way to protect the password over the network. SSL is a more robust scheme than SecureRPC.
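
The difference between the two bind methods named above, as an added Python example that is not part of the original HP documentation: it builds the bytes of an LDAPv3 simple bind (RFC 4511), which carry the password verbatim unless the connection is protected by SSL, and computes the SASL DIGEST-MD5 client response (RFC 2831), which proves knowledge of the password without sending it. The DN, realm, host name, nonces and password are constructed sample values.

```python
import hashlib

# Constructed sample values (not from the original page).
SAMPLE_DN = "uid=jdoe,ou=People,dc=example,dc=com"
SAMPLE_PW = "constructed-pw"

def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV; short-form length only, enough for this small PDU."""
    if len(payload) > 127:
        raise ValueError("payload too long for short-form length")
    return bytes([tag, len(payload)]) + payload

def simple_bind_pdu(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPv3 BindRequest using simple authentication (RFC 4511, 4.2)."""
    body = (ber(0x02, b"\x03")                 # version INTEGER 3
            + ber(0x04, dn.encode())           # name: bind DN
            + ber(0x80, password.encode()))    # [0] simple: the password itself
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, body))

def digest_md5_response(user, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth") -> str:
    """Client response-value for qop=auth without authzid (RFC 2831, 2.1.2.1)."""
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

def password_visible(wire: bytes, password: str) -> bool:
    """True if a passive observer of these bytes sees the password verbatim."""
    return password.encode() in wire

if __name__ == "__main__":
    pdu = simple_bind_pdu(1, SAMPLE_DN, SAMPLE_PW)
    resp = digest_md5_response("jdoe", "example.com", SAMPLE_PW,
                               "constructed-nonce", "constructed-cnonce",
                               "00000001", "ldap/ldap.example.com")
    print("simple bind exposes password:", password_visible(pdu, SAMPLE_PW))
    print("DIGEST-MD5 exposes password: ", password_visible(resp.encode(), SAMPLE_PW))
```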