From: Anthony Schneider (aschneidmail.slc.edu)
Date: Sun Apr 07 2002 - 12:35:37 CDT


    >
    > NIS is a security issue, because it sends the passwords file through the network, and any user can sniff it or get it by 'ypcat passwd'. So I would suggest a combination of NIS and RADIUS. NIS takes care of the home directories and users, and RADIUS would authenticate the users. We use it at the University of Gent in our little basement for 6 PCs and 50 users ...
    >
    'ypcat passwd' does not show passwords... (it shows the usual /etc/passwd style '*'
    in field 2). I believe, however, that if you have an improperly permed
    master.passwd in your /var/yp directory, that can be read by 'ypcat
    master.passwd', but I've never tried it.

    On a private, small LAN, NIS can be okay, but you're right, passwords are passed
    in plaintext across the network. I'd say use Kerberos, OpenLDAP or perhaps even
    NIS+ (although I know little about NIS+, what I do know is that security-wise
    it's a good bit higher on the ladder than NIS).
    -Anthony.


    -----------------------------------------------
    PGP key at:
        http://www.keyserver.net/
        http://www.anthonydotcom.com/gpgkey/key.txt
    Home:
        http://www.anthonydotcom.com
    -----------------------------------------------


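An administrator can settle the question raised in this thread (does a NIS map hand out '*' in field 2, or real hashes?) by auditing the map output directly. The following is an added example, not part of the original post: the function name `exposed_hash_users`, the helper `sample_map` and the sample records are constructed for illustration, and the intended use `ypcat passwd | exposed_hash_users` is an assumption about how it would be run.

```shell
#!/bin/sh
# Added example: audit passwd-format NIS map output for password hashes.
# Assumed use on a NIS client:  ypcat passwd | exposed_hash_users

exposed_hash_users() {
    # Reads colon-separated passwd or master.passwd style records on stdin
    # and prints the login name of every record whose field 2 holds
    # something other than a placeholder.
    awk -F: '
        NF < 7          { next }   # not a passwd-style record
        $2 == ""        { next }   # empty field: no hash is exposed here
        $2 == "x"       { next }   # shadow-style placeholder
        $2 ~ /^[*!]/    { next }   # "*", "!", "*LOCKED*..." never start a crypt hash
                        { print $1 }
    '
}

sample_map() {
    # Constructed sample records; the hash strings are dummies, not real hashes.
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:$1$constructed$DUMMYDUMMYDUMMYDUMMY00:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:AAconstructed:1003:1003:Carol:/home/carol:/bin/sh
dave:*LOCKED*:1004:1004:Dave:/home/dave:/sbin/nologin
this line is not a map record
EOF
}

# Stand-alone run: report which sample accounts would leak a hash.
leaky=$(sample_map | exposed_hash_users)
if [ -n "$leaky" ]; then
    echo "accounts with a hash visible in the map:"
    echo "$leaky"
else
    echo "no hashes visible in the map"
fi
```

Any login name it prints means that map is distributing crackable password hashes to whoever can query it.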