From owner-freebsd-questions Tue Aug 7 8:28:15 2001 Delivered-To: freebsd-questions@freebsd.org Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by hub.freebsd.org (Postfix) with ESMTP id B825B37B405 for ; Tue, 7 Aug 2001 08:28:12 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.11.4/8.11.4) id f77FRxj02832; Tue, 7 Aug 2001 10:27:59 -0500 (CDT) (envelope-from dan) Date: Tue, 7 Aug 2001 10:27:58 -0500 From: Dan Nelson To: rsavage@nandomedia.com Cc: dannyman , questions@FreeBSD.ORG Subject: Re: NIS in FreeBSD Message-ID: <20010807102758.A6138@dan.emsphone.com> References: <20010807014312.A14813@toldme.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.20i X-OS: FreeBSD 5.0-CURRENT Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In the last episode (Aug 07), rsavage@nandomedia.com said: > I beg to differ! I just setup and tested two FreeBSD 4.3 machines. > One as a master NIS server, and the other as a NIS client. When I > changed my user's password on the client, I saw the "clear-text" > password while I was sniffing the box. Did I do something > diffrently? Or not complete? You are correct. During password changes, the password is sent in plaintext. The solution to this is to change your passwords only on the NIS master. During regular logins, only the encrypted password is sent, so the rest of dannyman's post applies with respect to DES vs MD5, etc. -- Dan Nelson dnelson@emsphone.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message