Date: Tue, 18 Dec 2007 10:36:40 -0800 (PST) From: RA Cohen <roy2098@yahoo.com> To: freebsd-questions@freebsd.org Subject: NIS Linux - Ubuntu Message-ID: <615143.82582.qm@web54207.mail.re2.yahoo.com>
next in thread | raw e-mail | index | archive | help
I've read most of what is out there on NIS - Linux interoperability. Unfortunately, nothing explains what we encountered on a FreeBSD 6.2 machine running NFS and NIS:
1. FreeBSD clients work as advertised, they interpret the password maps correctly; we export the server's /usr/home filesystem and users' home directories are automatically easily available.
2. "...just installed a clean Ubuntu 7.10 (newest) and set up NIS and he's STILL able to log in as ANY user without a password and can access their network drive when it's mounted"
Number 2 above scared the living daylights out of me. I checked permissions on the /usr/home directories, all set to 770 (each user in in their own group). The Ubuntu client could still walk all over this filesystem. Let me be clear: any valid username (as exported by the NIS maps) was authenticated with any password. Somehow Ubuntu was given root user permissions no matter what user was logged in. When we changed the /var/yp/Makefile to create maps with an 'x' instead of an '*' this fixed the problem but also resulted in no valid logins from the Ubuntu clients at all. And I have not checked the FreeBSD client machines to see how they deal with the 'x' in the password map but that doesn't matter; what concerns me is how Ubuntu was given free access over the filesystem...That makes NIS unuseable in our environment (a public high school) because what about Mac's? and other Linux-type clients?
Can anyone shed a clue on what is occurring here? Seems like a dangerous hole in FBSD's NIS implementation. I know, I should move to Kerberos/LDAP but that realistically cannot happen until the summer.
Thank you in advance for your help!
RA Cohen
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?615143.82582.qm>