[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nis & shadow

This is true. However note how you said "if the request for the map comes from a
non-root user". How do you supposed the NIS server determines that you're "not a
root user"? I'll tell you: ident. I can whip up an ident server on my NT box in two
minutes that'll tell you I'm any user I want. This is not security.

Gergely Madarasz wrote:

> On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
>
> > Note there is little use to combining shadow passwords and NIS. Any machine on
> > the net can get NIS maps. Now, if you're using NIS+ that's a different story
> > because authentication is used.
>
> You can mangle the password field of the shadow map if the request for the
> map comes from a non-root user. This is from /etc/ypserv.conf :
>
> # Host                       : Map              : Security   : Passwd_mangle
> *                            : shadow.byname    : port       : yes
>
> So if someone (not root) does ypcat shadow.byname he will only see :x:
> instead of the real encrypted password.
>
> Greg
>
> --
> Madarasz Gergely           gorgo@caesar.elte.hu         gorgo@linux.rulez.org
>           Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
>               HuLUG: http://www.cab.u-szeged.hu/local/linux/



--
Jens B. Jorgensen
jjorgens@bdsinc.com



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
Reply to: