From owner-freebsd-security  Wed Nov  3 12: 5:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ares.maths.adelaide.edu.au (ares.maths.adelaide.edu.au [129.127.246.5])
	by hub.freebsd.org (Postfix) with ESMTP id 743C515864
	for <freebsd-security@freebsd.org>; Wed,  3 Nov 1999 12:05:50 -0800 (PST)
	(envelope-from glewis@ares.maths.adelaide.edu.au)
Received: (from glewis@localhost)
	by ares.maths.adelaide.edu.au (8.9.3/8.9.3) id GAA32013
	for freebsd-security@freebsd.org; Thu, 4 Nov 1999 06:35:21 +1030 (CST)
	(envelope-from glewis)
From: Greg Lewis <glewis@trc.adelaide.edu.au>
Message-Id: <199911032005.GAA32013@ares.maths.adelaide.edu.au>
Subject: Re: Security and NIS - alternatives?
In-Reply-To: <199911031758.AA215051921@broccoli.graphics.cornell.edu> from Mitch
 Collinsworth at "Nov 3, 1999 12:58:40 pm"
To: freebsd-security@freebsd.org
Date: Thu, 4 Nov 1999 06:35:21 +1030 (CST)
X-Mailer: ELM [version 2.4ME+ PL56 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> NIS doesn't send plain text passwords over the net.  It only sends the
> encrypted form over the net.  The plain text is encrypted on the client
> and compared against the encrypted form.

I am certainly aware of this, I'd just prefer that the encrypted password
wasn't sent over the wire either, since that in itself is a point of attack
that I've so far avoided by forcing people to use ssh.

> If you want something better than that, have a look at kerberos.

I will, thanks for your suggestion!

-- 
Greg Lewis 				glewis@trc.adelaide.edu.au
Computing Officer			+61 8 8303 5083
Teletraffic Research Centre


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message