Date: Fri, 10 Nov 1995 11:26:54 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: kallio@jyu.fi (Seppo Kallio) Cc: questions@freebsd.org Subject: Re: Is NIS ypcat showing crypted passwds? Message-ID: <199511101826.LAA03926@phaeton.artisoft.com> In-Reply-To: <v01530503acc8d542fd64@[130.234.41.39]> from "Seppo Kallio" at Nov 10, 95 01:22:05 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> The FreeBSD passwd shadow (master.passwd) is good for security, nobody can > try to crack the passwds. > > BUT. > > Do users see crypted passwords and security is worse with NIS than without > it? I have heard that with ypcat command anyone can see the crypted > passwds. ypcat get encrypted passwords from a server the same way the remote system would get encrupted passwords and uid in getting the entry by name. This is an artifact of a distributed environment and cannot be repaired without modifying the credentials mechanism to use ticketed access with expiration and reauthentication. If you have people cracking your system on your side of the firewall, then you are probably screwed anyway, since it means they already have accounts on your machines, and maybe physical access to your ethernet. If this is true, then password cracking is the least of your worries (you should never export system proviledged accounts via YP in any case, the passwords should always be local to each machine on the net). Otherwise, don't allow connections to the YP ports through the firewall. Use of YP is heavily tied to the concept of vouchsafe security: it is used for NFS and central administration of multiple machines with a single security model, where breaking into one machine is tantamount to breaking into all of them. With NFS, the client machine vouches that the credentials it is sending to the server are the correct credentials and not fake. That means in a YP environemnt, just like in an rlogin/rcp/rsh/rcmd environment, the security is equal to the security on the least secure machine. If people have access to the physical ethernet and can attach equipment, then a SPARCBook (for instance) can masquerade as any machine, since it can rewrite its hardware address. Then hiding your password file won't do you any good, since an ARP on the machine will show a trusted host for NFS mounting or rlogin/rcp/rsh/rcmd vouching. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511101826.LAA03926>