Re: nis & shadow
This is true. However note how you said "if the request for the map comes from a
non-root user". How do you supposed the NIS server determines that you're "not a
root user"? I'll tell you: ident. I can whip up an ident server on my NT box in two
minutes that'll tell you I'm any user I want. This is not security.
Gergely Madarasz wrote:
> On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
> > Note there is little use to combining shadow passwords and NIS. Any machine on
> > the net can get NIS maps. Now, if you're using NIS+ that's a different story
> > because authentication is used.
> You can mangle the password field of the shadow map if the request for the
> map comes from a non-root user. This is from /etc/ypserv.conf :
> # Host : Map : Security : Passwd_mangle
> * : shadow.byname : port : yes
> So if someone (not root) does ypcat shadow.byname he will only see :x:
> instead of the real encrypted password.
> Madarasz Gergely firstname.lastname@example.org email@example.com
> Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
> HuLUG: http://www.cab.u-szeged.hu/local/linux/
Jens B. Jorgensen
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .