Date:      Wed, 20 Nov 1996 02:22:12 -0500
From:      "Gary Palmer" <gpalmer@freebsd.org>
To:        Justin Harvey <jbh@netpci.com>
Cc:        Michael Dillon <michael@memra.com>, freebsd-isp@freebsd.org
Subject:   Re: Stupid question no 10101 
Message-ID:  <7065.848474532@orion.webspan.net>
In-Reply-To: Your message of "Fri, 15 Nov 1996 14:56:18 -1000." <Pine.BSF.3.91.961115145434.23937D-100000@delenn.netpci.com> 

Justin Harvey wrote in message ID
<Pine.BSF.3.91.961115145434.23937D-100000@delenn.netpci.com>:
> Or, yet another alternative is to use NIS, I know you said it was
> insecure but you need to define 'insecure'.  I bet it would be more secure
> than whatever kind of password exchanging mechanism you're thinking of
> programming.

> NIS isn't exactly 'insecure', IMO I think it's had a bad rap due to 
> people misconfiguring it.  You can also configure NIS to share files that 
> are not defaulted with the package.

Try sharing your password file with NIS. Basically, if you use plain
old NIS, it publishes your password file (or at least the passwords of
your users) to anyone who cares to look (I've been told that there is
some program called `ypghost' which lets people do this). I, for one,
don't want my users' passwords disseminated to anyone who wants an easy
back-door into our system.

(and, yes, I have thought of using an access list (aka packet filter)
 on our Cisco gateway, but access lists can be bypassed, and it still
 leaves it open to all our shell users).

Makes it kinda stupid to use NIS in a shadowed password environment ...

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
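
Added example, not part of the original message: a small audit that reads a passwd-format dump of your own domain's NIS map (for instance the output of `ypcat passwd` saved to a file) and reports which entries carry a real hash or an empty password field instead of a shadow placeholder. The placeholder set, the function names and the sample entries are assumptions constructed for illustration.

```python
# Added example: audit passwd-format NIS map text for exposed password fields.
# Assumption: these values mark a shadowed or locked account, not a usable hash.
PLACEHOLDERS = {"*", "x", "!", "!!", "*LK*", "NP"}

def classify(field):
    """Return 'empty', 'placeholder' or 'hash' for a passwd password field."""
    if field == "":
        return "empty"
    # '##name' is treated here as a pointer to a separate, protected map.
    if field in PLACEHOLDERS or field.startswith(("!", "*", "##")):
        return "placeholder"
    return "hash"

def audit(map_text):
    """Return (line number, user, finding) for every entry worth reviewing."""
    findings = []
    for lineno, line in enumerate(map_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:  # passwd entries have seven colon-separated fields
            findings.append((lineno, None, "malformed"))
            continue
        kind = classify(parts[1])
        if kind != "placeholder":
            findings.append((lineno, parts[0], kind))
    return findings

# Constructed sample map contents (not real accounts or real hashes).
SAMPLE = """\
alice:CONSTRUCTEDhash1:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
carol::1003:100:Carol:/home/carol:/bin/sh
dave:##dave:1004:100:Dave:/home/dave:/bin/sh
broken:line
"""

if __name__ == "__main__":
    for lineno, user, kind in audit(SAMPLE):
        print(f"line {lineno}: user={user} finding={kind}")
```

Any `hash` finding means that hash is readable by every client that can query the map, which is the exposure the message describes.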


