Date:      Sun, 7 Apr 2002 13:35:37 -0400
From:      Anthony Schneider <aschneid@mail.slc.edu>
To:        Pieter Danhieux <pdanhieux@easynet.be>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Centralized authentication
Message-ID:  <20020407133536.A140@mail.slc.edu>
In-Reply-To: <20020407192004.5cbecd18.pdanhieux@easynet.be>; from pdanhieux@easynet.be on Sun, Apr 07, 2002 at 07:20:04PM +0200
References:  <874riov1et.wl@delta.meridian-enviro.com> <20020406170014.5f47c85f.cyschow@shaw.ca> <20020407192004.5cbecd18.pdanhieux@easynet.be>

>
> NIS is a security issue, cause it sends the passwords file through the
> network, and any user can sniff it or get it by 'ypcat passwd'. So I would
> suggest a combination of NIS and RADIUS. NIS takes care of the home
> directories and users, and RADIUS would authenticate the users. We use it
> at the University of Gent in our little basement for 6 pc's and 50 users ...
>
'ypcat passwd' does not show passwords...(it shows the usual /etc/passwd style '*'
in field 2).  I believe, however, that if you have an improperly permed
master.passwd in your /var/yp directory that that can be read by 'ypcat
master.passwd', but I've never tried it.

On a private, small LAN, NIS can be okay, but you're right, passwords are passed
in plaintext across the network.  I'd say use Kerberos, OpenLDAP or perhaps even
NIS+ (although, I know little about NIS+, but what I do know is that security-wise
it's a good bit higher on the ladder than NIS).
-Anthony.

-----------------------------------------------
PGP key at:
    http://www.keyserver.net/
    http://www.anthonydotcom.com/gpgkey/key.txt
Home:
    http://www.anthonydotcom.com
-----------------------------------------------
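
Added example, not part of the original message: an administrator's audit of the two points raised above, namely whether the passwd data a NIS client can list carries only the '*' placeholder in field 2, and whether a master.passwd file under /var/yp is accessible beyond its owner. The function names and sample entries are constructed for illustration, and treating only '*' and 'x' as placeholders is an assumption.

```python
import os
import stat
import sys

# Constructed sample in passwd(5) layout, standing in for `ypcat passwd` output.
SAMPLE_MAP = """\
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:$1$constructed$NotARealHashJustASample:1002:1002:Bob:/home/bob:/bin/sh
carol::1003:1003:Carol:/home/carol:/bin/sh
"""

def audit_map(text):
    """Return [(user, finding)] for entries whose field 2 is not a placeholder."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line, "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw in ("*", "x"):
            continue  # assumption: only these two values count as placeholders
        else:
            findings.append((user, "non-placeholder value in password field"))
    return findings

def readable_beyond_owner(path):
    """True if group or other hold any permission bit on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & 0o077)

if __name__ == "__main__":
    # Usage: ypcat passwd | python3 audit.py /var/yp/master.passwd
    text = SAMPLE_MAP if sys.stdin.isatty() else sys.stdin.read()
    for user, finding in audit_map(text):
        print(f"{user}: {finding}")
    for path in sys.argv[1:]:
        if readable_beyond_owner(path):
            print(f"{path}: accessible beyond owner")
```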