From: W.Belgers@nl.cis.philips.com (Walter Belgers)
Message-Id: <199702041446.PAA04101@giga.lss.cp.philips.com>
Subject: Re: NIS/uids
To: branson.matheson@ferginc.com
Date: Tue, 4 Feb 1997 15:46:41 +0100 (MET)
Cc: freebsd-hackers@FreeBSD.org
In-Reply-To: from Branson Matheson at "Feb 4, 97 09:42:54 am"
Organisation: Origin IT Systems Management /Nederland B.V.

Branson Matheson writes:
>
> > > +user::::::::/home/john:/usr/local/bin/tcsh
> >
> > The problem now is that the security on my system has become dependent
> > on that of the NIS server.
>
> That is a fact. Because you are using that information from an NIS
> server, you will _always_ have a security risk from that server.

I know. Normally, one would have the same system administrator for the
server and all clients, so it would be no problem at all. In this
particular case, I only use NIS to keep the passwords synchronised, the
NIS server is not controlled by me.

> > The obvious solution is to override the uid in the password file:
> > +user::1234:1234:::::/home/john:/usr/local/bin/tcsh
>
> You can do that .. but at this point the only win you have over
> separate entries in the PW file is a single global password.

That's just what I want.

> -branson

Cheers,
Walter.
-- 
Ir. W.H.B. Belgers, Internet Security Specialist      phone: +31 40 2782753
Origin IT Syst.Man. /Nederland bv, Bldg VN-513  email:  fax: +31 40 2784697
P.O. Box 218, 5600 MD Eindhoven, Netherlands   W.Belgers@nl.cis.philips.com
non-business-email: walter@giga.nl -web: http://www.IAEhv.nl/users/gigawalt
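The two `+user` entries discussed in this message, run through a small audit as an added example (not code from the thread or from FreeBSD). It assumes the 10-field master.passwd layout and that a non-empty field in the local line replaces the value from the NIS map, which is the behaviour the thread relies on; `NIS_RECORD` is a constructed server answer and all function names are hypothetical.

```python
# Added example; models "+user" compat entries in FreeBSD master.passwd.
FIELDS = ("name", "passwd", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

# The two local entries quoted in the message.
UNPINNED = "+user::::::::/home/john:/usr/local/bin/tcsh"
PINNED = "+user::1234:1234:::::/home/john:/usr/local/bin/tcsh"

# Constructed NIS answer: a server outside local control returns uid/gid 0.
NIS_RECORD = dict(zip(FIELDS, ("user", "$1$constructed$hash", "0", "0", "",
                               "0", "0", "John", "/", "/bin/sh")))

def parse_compat(line):
    """Split a '+user' line into its ten local override fields."""
    parts = line.rstrip("\n").split(":")
    if not parts[0].startswith("+") or len(parts) != len(FIELDS):
        raise ValueError("not a 10-field +user entry: %r" % line)
    entry = dict(zip(FIELDS, parts))
    entry["name"] = parts[0][1:]          # drop the leading '+'
    return entry

def nis_controlled(local):
    """Fields left empty locally, i.e. still decided by the NIS server."""
    return [f for f in FIELDS[1:] if not local[f]]

def merge(local, nis):
    """Effective account: non-empty local fields win, the rest come from NIS."""
    return {f: local[f] or nis[f] for f in FIELDS}

def audit(lines):
    """Return (line number, name) for '+' entries whose uid or gid is unpinned."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if not line.startswith("+"):
            continue                      # ordinary local account
        entry = parse_compat(line)
        if {"uid", "gid"} & set(nis_controlled(entry)):
            findings.append((lineno, entry["name"]))
    return findings

if __name__ == "__main__":
    for line in (UNPINNED, PINNED):
        eff = merge(parse_compat(line), NIS_RECORD)
        print(line, "-> uid", eff["uid"], "gid", eff["gid"])
    print("unpinned entries:", audit([UNPINNED, PINNED]))
```

With the pinned entry only the password, class, change, expire and gecos fields still follow the NIS map, which matches the "single global password" outcome described in the message.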