Re: OT: Is it so easy to break into an NIS?
On Tuesday 18 March 2003 04:13 pm, Haim Ashkenazi wrote:
> Hi
Hello,
> A friend just asked me this question and I got curious. Say I'm equipped
> with a Linux laptop and some knowledge, I can walk into a company that uses
> NIS, find out the settings (NISDOMAIN, free IP address, etc.) and join
> their domain. Now I can log in as root on my computer, su to any user and
> see/change/delete his files. Is it that easy?
Yes, quite. NIS uses no authentication whatsoever.
> Of course, administrators should protect their mounts with netgroups
> permissions, and users should protect their important files with
> encryption, but how many of these do you see?
Not many. The problems you describe above are well-known.
> Any ideas? Suggestions?
Use LDAP and Kerberos instead of NIS. They are equally or better supported
in every situation I know of.
- Keegan
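
An added example, not part of the original thread: a small audit of an NFS exports file for the two mitigations mentioned above, host restriction by netgroup and Kerberos instead of client-asserted identity. The sample exports text, host names and netgroup names are constructed, and the finding labels are this example's own; it assumes exports(5) syntax with no quoted or escaped paths.

```python
import re

# Constructed sample in exports(5) syntax; hosts and netgroups are made up.
SAMPLE_EXPORTS = """\
/home       *(rw,sync)
/projects   @engineering(rw,sync,sec=krb5p)
/scratch    192.168.10.0/24(rw,no_root_squash)
/pub        (ro)
/backup     @admins(rw) \\
            buildhost(rw,sec=krb5)
"""

CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def audit_exports(text):
    """Return sorted (path, client, issue) tuples for risky export entries."""
    findings = set()
    # Join backslash-continued lines, then strip comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                continue  # malformed entry; leave it to exportfs to reject
            client = m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            name = client or "<any>"
            if client in ("", "*"):
                findings.add((path, name, "open-to-any-host"))
            elif not client.startswith("@") and any(c in client for c in "*?/"):
                findings.add((path, name, "wildcard-or-subnet"))
            # Without a Kerberos flavor the server believes whatever UID
            # the client sends (AUTH_SYS), which is the default.
            flavors = [f for o in opts if o.startswith("sec=")
                       for f in o[4:].split(":")]
            if not flavors or "sys" in flavors:
                findings.add((path, name, "auth-sys-trusts-client-uid"))
            if "no_root_squash" in opts:
                findings.add((path, name, "no-root-squash"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:18} {issue}")
```

Note that a netgroup entry without a Kerberos flavor (the `/backup @admins` line) is still reported: the netgroup limits which hosts may mount, but the server keeps trusting the UID each of those hosts sends.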