Salut! I want to have shadowed passwords on my yp-net because I do not want that every user can see the encrypted passwords. I have only one master ypserver, no slaves but about 20 clients. That's why it would be great if I have to change only some config options on the master. Is there any cheap-dirty-little trick? I am using ypserv version 1.3.9 and ypbind version 1.6 from suse6.3. br, Christoph --- Anything that is good and useful is made of chocolate.
On Mon, 31 Jan 2000, Christoph Schaefer wrote:
Salut!
I want to have shadowed passwords on my yp-net because I do not want that every user can see the encrypted passwords. I have only one master ypserver, no slaves but about 20 clients. That's why it would be great if I have to change only some config options on the master. Is there any cheap-dirty-little trick? I am using ypserv version 1.3.9 and ypbind version 1.6 from suse6.3.
br,
Christoph
Hi Christoph! It is not so useful to try and use shadow passwords over NIS. The point is that you automatically use the security that shadow passwords offer, because NIS is unable to protect the shadow-map against a 'ypcat shadow' command. If you really want to use the functionality of the new glibc-libraries and do not to give up security, you should change your cluster to NIS+. But (as I know which cluster you are administrating!) this might not work with the workstations other than your linux machines. So check out first if all architectures you are using are configurable to NIS+. Best regards Oli
--- Anything that is good and useful is made of chocolate.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
/********************************************\ * * * Oliver Tennert * * * * +49 -7071 -9457-598 * * * * e-mail: O.Tennert@science-computing.de * * science + computing GmbH * * Hagellocher Weg 71 * * D-72070 Tuebingen * * * \********************************************/
Hi, On Mon, Jan 31, Christoph Schaefer wrote:
Salut!
I want to have shadowed passwords on my yp-net because I do not want that every user can see the encrypted passwords.
How do you plan to solve this ? ypcat shadow.byname will always work. Ok, you can say that only requests from port < 1024 are allowed, but this is really no security.
I have only one master ypserver, no slaves but about 20 clients. That's why it would be great if I have to change only some config options on the master. Is there any cheap-dirty-little trick? I am using ypserv version 1.3.9 and ypbind version 1.6 from suse6.3.
Read /var/yp/Makefile on the server. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background.
participants (3)
-
Christoph Schaefer
-
Oliver.Tennert
-
Thorsten Kukuk