Date:      Mon, 4 Oct 1999 12:21:49 -0700 (PDT)
From:      David Wolfskill <dhw@whistle.com>
To:        freebsd-isp@FreeBSD.ORG, shelton@sentry.granch.ru, st@i-plus.net
Subject:   RE: One password base for some *NIX boxes
Message-ID:  <199910041921.MAA70531@pau-amma.whistle.com>
In-Reply-To: <NDBBJJENKLPPKCEBOILBIEBCCAAA.st@i-plus.net>

>From: "Troy Settle" <st@i-plus.net>
>Date: Sun, 3 Oct 1999 23:18:03 -0400

>The easiest answer is NIS.  But, NIS isn't exactly secure.

True enough.

>...

>When implementing this, you'll need to educate your users so they'll know to
>change their passwords on the master server only ....

It's not apparent to me why the above suggestion was made.

Within the Engineering net here, we use NIS.  And I assure you that my
desktop isn't even a NIS slave server.

Yet:

pau-amma[1]% passwd 
Changing NIS password for dhw on prawn.whistle.com.
Old Password: 

you will see that I had an opportunity to change my NIS password from a
NIS client machine, using the usual "passwd" command.


>Also note that you'll need to install the DES encryption libraries for
>FreeBSD in order to achieve the inter-operability you desire.

Quite true.  And since the non-FreeBSD NIS implementations are unlikely
to be aware of the existence of the master.passwd.by{name,uid} maps,
you'll also need to tweak the /var/yp/Makefile, per the comments in it,
to be less secure (by placing the encrypted password in the
passwd.by{name,uid} maps -- where anyone with access to a shell can get
the encrypted passwords).

Cheers,
david
-- 
David Wolfskill		dhw@whistle.com		UNIX System Administrator
voice: (650) 577-7158	pager: (888) 347-0197	FAX: (650) 372-5915
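
[Added example, not part of the original message.] One way to check from a NIS client whether the passwd maps are handing out encrypted passwords, as described above. The function names and the sample map are hypothetical and constructed for illustration; on a real client the input would be the output of `ypcat passwd`.

```shell
#!/bin/sh
# Added example, not from the original message.
# audit_passwd_map: read passwd(5)-format lines on stdin (for instance the
# output of `ypcat passwd` on a NIS client) and list each account whose
# password field holds something other than a placeholder. Only the login
# name and a classification are printed, never the hash itself.
audit_passwd_map() {
    awk -F: '
        $0 ~ /^#/ || NF == 0 { next }            # skip comments, blank lines
        NF < 7 { print $1, "malformed"; next }   # passwd(5) has 7 fields
        {
            pw = $2
            if (pw == "x" || pw ~ /^[!*]/)       # placeholder or locked
                next
            if (pw == "")
                kind = "empty"
            else if (substr(pw, 1, 1) == "$")    # $id$salt$hash style
                kind = "modular-crypt"
            else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
                kind = "des-crypt"               # traditional DES crypt(3)
            else
                kind = "unknown"
            print $1, kind
        }'
}

# Constructed sample map (hypothetical users, made-up hash strings).
sample_map() {
    cat <<'EOF'
alice:XXexamplehash:1001:1001:Alice (constructed):/home/alice:/bin/sh
bob:*:1002:1002:Bob (constructed):/home/bob:/bin/sh
carol:$1$saltsalt$constructedhashvalue00:1003:1003:Carol (constructed):/home/carol:/bin/sh
dave::1004:1004:Dave (constructed):/home/dave:/bin/sh
EOF
}

sample_map | audit_passwd_map
```

Any account listed as des-crypt or modular-crypt has its encrypted password readable by every user who can query the map.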
