Re: Shadow and NIS/YP
You (Christian Schwarz) wrote:
> Hi folks!
>
> There was a lot of discussion about the move to shadow, incompatibility
> problems with that, and about whether this should be done before 1.2.
>
> Since I use NIS/YP in my local network (all Debian workstations) I'm
> wondering what I can do if Debian moves over to shadow! I don't think
> using NIS and shadow passwd together makes much sense, since everyone can
> do a `ypcat shadow' and actually _see_ the encrypted passwords.
Nope - with the Debian NIS server, you can actually protect the
shadow map:
> I heard of a feature of the new NIS+/NYS that is able to specify special
> access rights to individual columns of its data files. So, for example,
> one can specify that _normal users_ don't have access to the passwd column
> in /etc/passwd (distributed via YP). This feature would make an
> /etc/shadow obsolete.
This is not a feature of NIS+ and/or NYS - it's a feature of the GPL'ed
NIS server that Debian uses (in fact it was my idea). At Cistron we
have been using this for quite some time now.
Mike.
--
Miquel van | Cistron Internet Services -- Alphen aan den Rijn.
Smoorenburg, | mailto:info@cistron.nl http://www.cistron.nl/
miquels@cistron.nl | Our vision is to speed up time, eventually eliminating it.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: