OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [suse-security] NIS interoperability
From: Alan Miller (alanbintec.de)
Date: Mon Oct 02 2000 - 09:30:19 CDT

Since this question is "security" relevant and I don't know where
else to ask I thought I ask it here.

My NIS Server is a Solaris box.
My NIS Clients are (primarily) SuSE boxes (6.0,6.4,7.0).

On the NIS server I've moved the encrypted passwds into the
passwd.adjunct file.

This seems to be okay for the SuSE 7.0 boxes. Login is successful.
However on 6.0 and 6.4 boxes the login always fails with "login incorrect".

A trace between client (SuSE 6.4, or 7.0) and server basically shows:

 client -> server Get Map Name: passwd.byname, Key=<user>
 server -> client Key Matched: Value = user:##user:uid:gid:gcos:home:sh
 client -> server Get Map Name: passwd.adjunct.byname, Key=<user>
 server -> client Key Matched: Value = user:##user:uid:gid:gcos:home:sh
 client -> server Get Map Name: shadow.byname, Key=<user>
 server -> client Key Matched: Value = EMPTY

This is security relevant since the idea behind passwd.adjunct is
that it hinders normal user's from retrieving the encrypted passwords
via "ypcat passwd".

Alan
+--------------------------------------------------------------------+
| Alan Miller BinTec Commmunications AG |
| System/Network Administrator Südwestpark 94 |
| Voice: +49 911 96 73 14 55 D-90449, Nürnberg |
| Fax: +49 911 96 73 14 99 Germany |
| mailto:alanbintec.de http://www.BinTec.de |
+--------------------------------------------------------------------+

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com