Date: Wed, 3 Nov 1999 10:38:35 -0600 From: Michael Maxwell <drwho@xnet.com> To: freebsd-security@freebsd.org Subject: Re: Security and NIS - alternatives? Message-ID: <19991103103835.A10478@typhoon.xnet.com> In-Reply-To: <199911030811.SAA29824@ares.maths.adelaide.edu.au>; from Greg Lewis on Wed, Nov 03, 1999 at 06:41:13PM %2B1030 References: <199911030811.SAA29824@ares.maths.adelaide.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 03, 1999 at 06:41:13PM +1030, Greg Lewis wrote: > Hi all, > > I am about to undertake setting up a number of FreeBSD workstations and > have been reading up on NIS in the FreeBSD man pages. Statements like the > following in yp(4) concern me somewhat: > > While these enhancements provide better security than stock NIS, they are > by no means 100% effective. It is still possible for someone with access > to your network to spoof the server into disclosing the shadow password > maps. > > I have noted the steps which can be taken to provide better security than > standard, but the fact that holes remain is a concern. I also note that > NIS+ doesn't appear to be currently supported. > > This is not meant to be a complaint, I simply wish to ask if there is a > more secure alternative? I'd like one where passwords were not sent over > the network except via something like SSL or an ssh tunnel. Well, to top that all off, it would be nice to have something more secure that is able to play nicely with Sun machines. There is simply no way to implement the extra security measure provided in the FreeBSD NIS when using anything other than FreeBSD (that I'm aware of). -- Fight email spam: http://www.cauce.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991103103835.A10478>