Re: nis & shadow

To: "Jens B. Jorgensen" <jjorgens@bdsinc.com>
Cc: Debian Users <debian-user@lists.debian.org>
Subject: Re: nis & shadow
From: Gergely Madarasz <gorgo@caesar.elte.hu>
Date: Fri, 20 Feb 1998 01:18:13 +0100 (MET)
Message-id: <[🔎] Pine.A32.3.96.980220011404.39601D-100000@caesar.power.elte.hu>
In-reply-to: <[🔎] 34ECCBE3.B8CDEEC9@bdsinc.com>

On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:

> Note there is little use to combining shadow passwords and NIS. Any machine on
> the net can get NIS maps. Now, if you're using NIS+ that's a different story
> because authentication is used.

You can mangle the password field of the shadow map if the request for the
map comes from a non-root user. This is from /etc/ypserv.conf :

# Host                       : Map              : Security   : Passwd_mangle
*                            : shadow.byname    : port       : yes

So if someone (not root) does ypcat shadow.byname he will only see :x:
instead of the real encrypted password.

Greg

--
Madarasz Gergely           gorgo@caesar.elte.hu         gorgo@linux.rulez.org
          Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
              HuLUG: http://www.cab.u-szeged.hu/local/linux/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: nis & shadow
  - From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>

References:
- Re: nis & shadow
  - From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>

Prev by Date: Re: nis & shadow
Next by Date: Re: HELP! Bash 2.01 for bo?
Previous by thread: Re: nis & shadow
Next by thread: Re: nis & shadow
Index(es):
- Date
- Thread