Quoting Haim Ashkenazi (haim@consonet.com):
> A friend just asked me this question and I got curious. say I'm
> equipped with a linux laptop and some knowledge, I can walk into a
> company that uses NIS, find out the settings (NISDOMAIN, free ip
> address, etc...) and join their domain. now I can login as root on my
> computer, su to any user and see/change/delete his files. is it that
> easy?
On a typical NIS/NFS setup, it's pretty easy from a workstation to break
into other files on the NFS shares. Breaking into the NIS/NFS master is
and should be extremely non-trivial.
NIS is typically used only inside organisations where random members of
the public aren't given free rein to plug in their laptops and snoop.
(Employees can try that, but have a lot to lose if caught at it.)
Networks needing a greater degree of privacy and authentication can try
AFS/Kerberos (entailing non-free server-end software). Substituting
LDAP-SSL for NIS is arguably a step forward, but then NFS remains a
problem (No Friggin' Security).
--
Cheers, The genius of you Americans is that you never make
Rick Moen clear-cut stupid moves, only complicated stupid moves
rick@linuxmafia.com that make us wonder at the possibility that there may be
something to them that we are missing. --Gamel Abdel Nasser