NIS (mis)configuration and MySQL alternative.



Hi,

I'm using NIS on my network.
It's locked down as much as it can be from the outside world (ipfilter
and tcp_wrappers) but I've just noticed any normal user can use ypcat to
look at the shadow map and obviously be able to see other users'
encrypted passwords.
Although root isn't listed it's still a security risk for other users.

Is it possible to stop any normal user from viewing the shadow map, via
ypcat?

I've also been looking into alternatives to NIS (although NIS works
very well, it's not the most secure of ways, as I've said above!).
LDAP is one way but I'm not confident enough to try this - I don't have
any knowledge of it and when I tried it on a test network, it was a
nightmare and didn't work 100%. Documentation seems a bit thin and/or
out-of-date currently.

Anyway, I searched for some alternatives on freshmeat and one that uses
MySQL and nsswitch came up. It's also possible to use encryption
(SSL/SSH IIRC) for the connection.
Has anyone tried this? Feedback most welcome :)

Thanks and regards,
David.
-- 
 .''`.     David Ramsden <david@hexstream.eu.org>
: :'  :    http://portal.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when you have better things to do than to fix a system.

Attachment: pgp_hE4VxKRNY.pgp
Description: PGP signature