Dear Bjorn, Thanks for the hint about rpasswd. It is well described in http://howto.zgp.org/NIS-HOWTO/rpasswdd.html, and provides a way for users as well as administrators to change passwords. But I was very surprised that rpasswdd works without you needing to create an entry in /etc/hosts.allow. So although rpasswd fixes one security hole by preventing plaintext passwords going across the network it potentially opens up another. With our old setup even if someone managed to discover the root password it was useless to them unless they also knew an administrator's regular password because neither ssh nor su let them gain root privilege except from a very small number of accounts. But now they can run rpasswd from any machine on the campus and rpasswdd will happily let them change any user's password. Does anyone have any comments on this? Am I missing something? Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691