From owner-freebsd-isp Mon Oct 4 12:22:15 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id 71CCD1555B for ; Mon, 4 Oct 1999 12:21:50 -0700 (PDT) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id MAA70531; Mon, 4 Oct 1999 12:21:49 -0700 (PDT) Date: Mon, 4 Oct 1999 12:21:49 -0700 (PDT) From: David Wolfskill Message-Id: <199910041921.MAA70531@pau-amma.whistle.com> To: freebsd-isp@FreeBSD.ORG, shelton@sentry.granch.ru, st@i-plus.net Subject: RE: One password base for some *NIX boxes In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >From: "Troy Settle" >Date: Sun, 3 Oct 1999 23:18:03 -0400 >The easiest answer, is NIS. But, NIS isn't exactly secure. True enough. >... >When implementing this, you'll need to educate your users so they'll know to >change their passwords on the master server only .... It's not apparent to me why the above suggestion was made. Within the Engineering net here, we use NIS. And I assure you that my desktop isn't even a NIS slave server. Yet: pau-amma[1]% passwd Changing NIS password for dhw on prawn.whistle.com. Old Password: you will see that I had an opportunity to change my NIS password from a NIS client machine, using the usual "passwd" command. >Also note that you'll need to install the DES encryption libraries for >FreeBSD in order to achive the inter-operability you desire. Quite true. And since the non-FreeBSD NIS implementations are unlikely to be aware of the existence of the master.passwd.by{name,uid} maps, you'll also need to tweak the /var/yp/Makefile, per the comments in it, to be less secure (by placing the encrypted password in the passwd.by{name,uid} maps -- where anyone with access to a shell can get the encrypted passwords). Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message