Re: nis & shadow
This is true. However note how you said "if the request for the map comes from a
non-root user". How do you supposed the NIS server determines that you're "not a
root user"? I'll tell you: ident. I can whip up an ident server on my NT box in two
minutes that'll tell you I'm any user I want. This is not security.
Gergely Madarasz wrote:
> On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
>
> > Note there is little use to combining shadow passwords and NIS. Any machine on
> > the net can get NIS maps. Now, if you're using NIS+ that's a different story
> > because authentication is used.
>
> You can mangle the password field of the shadow map if the request for the
> map comes from a non-root user. This is from /etc/ypserv.conf :
>
> # Host : Map : Security : Passwd_mangle
> * : shadow.byname : port : yes
>
> So if someone (not root) does ypcat shadow.byname he will only see :x:
> instead of the real encrypted password.
>
> Greg
>
> --
> Madarasz Gergely gorgo@caesar.elte.hu gorgo@linux.rulez.org
> Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
> HuLUG: http://www.cab.u-szeged.hu/local/linux/
--
Jens B. Jorgensen
jjorgens@bdsinc.com
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: