Re: perl or libc6 bug?: getpwnam('root') in NIS environment
On Wed, Apr 14, 1999 at 05:57:41PM +0100, Steve Haslam wrote:
> shadow passwords and NIS don't mix well. Design problem with NIS- there's no
> way for the NIS server to know if a client is privileged to see the
> encrypted password or not, so it's always got to be put in.
The Linux NIS server gets around this by having a separate shadow map
and restricting access to requests originating below port 1024 (i.e., a
privileged port from root on the remote system) and further it can
lock down requests to only the local subnet.
While this is not a perfect system, it prevents such occurrences unless
the user knows what they are doing (or knows enough to find a script to
do it for them).
Bottom line, you are correct, NIS is not secure, which is why it will
eventually become obsolete by things like DCE and LDAP.
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <b.m.collins@larc.nasa.gov> Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org bcollins@debian.org
UnixGroup Admin - Jordan Systems The Choice of the GNU Generation
------ -- ----- - - ------- ------- -- ---- - -------- - --- ---- - --
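
The access decision described in the message above, modeled as an added example (not part of the original message and not the NIS server's own code). The function name, the policy constants and the sample addresses are assumptions constructed for illustration.

```python
"""Model of a per-map access check: subnet restriction plus privileged source port."""
import ipaddress

# Assumed policy for illustration; addresses are constructed documentation ranges.
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")   # "the local subnet"
PRIVILEGED_PORT_MAPS = {"shadow.byname"}              # maps holding password hashes
PRIVILEGED_PORT_LIMIT = 1024                          # ports below this need root to bind


def allow_request(src_ip, src_port, map_name):
    """Return (allowed, reason) for one map lookup request."""
    if not 0 < src_port < 65536:
        return False, "invalid source port"
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "unparseable source address"
    if addr not in ALLOWED_NET:
        return False, "source outside local subnet"
    if map_name in PRIVILEGED_PORT_MAPS and src_port >= PRIVILEGED_PORT_LIMIT:
        return False, "shadow map requires privileged source port"
    return True, "ok"


# Constructed sample requests: (source ip, source port, map name)
SAMPLES = [
    ("192.0.2.10", 40123, "passwd.byname"),   # ordinary user, public map
    ("192.0.2.10", 40123, "shadow.byname"),   # ordinary user, shadow map
    ("192.0.2.10", 1023, "shadow.byname"),    # root on a subnet host
    ("198.51.100.7", 1023, "shadow.byname"),  # root on a host outside the subnet
]


def evaluate(samples=SAMPLES):
    """Run the check over every sample and return the list of decisions."""
    return [allow_request(*s) for s in samples]


if __name__ == "__main__":
    for s, (ok, why) in zip(SAMPLES, evaluate()):
        verdict = "ALLOW" if ok else "DENY"
        print(f"{s[0]}:{s[1]:<5} {s[2]:<14} -> {verdict} ({why})")
```

The third sample is the limit the message points at: the server can only tell that the request came from a root-owned port on some host in the subnet, so its trust extends to every machine there.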