Date: Tue, 11 Mar 2003 13:45:13 +0000
From: Scott Mitchell <scott+freebsd@fishballoon.org>
To: Neeraj Arora <Neeraj.Arora@ems.rmit.edu.au>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: freebsd nis server with debian clients
Message-ID: <20030311134513.GA55019@tuatara.fishballoon.org>
In-Reply-To: <se6de398.004@ems.rmit.edu.au>
References: <se6de398.004@ems.rmit.edu.au>

On Tue, Mar 11, 2003 at 01:24:15PM +1100, Neeraj Arora wrote:
> This means, the libraries on Linux do not understand shadow passwords on
> NIS. Thus, if I want to use shadow passwords with a Linux Machine, I have
> to expose them to clients. There is a possibility that I could delete or
> hide the binary ypcat from allowing users to see it, but that does not
> disallow any of the users to compile their own version and retrieve
> sensitive information. Could this be classified as a security hole???

This is wrong -- Linux NIS is quite happy using shadow passwords, it just
implements them differently to FreeBSD. The problem is that the FreeBSD
NIS Makefile does not, by default, generate the shadow.byname map that
Linux clients are expecting to see.

To generate this map, you need to patch /var/yp/Makefile as I described in
my earlier reply to your question. The post from Mike Galvez points to a
very similar patch.

I should point out that I did this to support RedHat boxes here; it should
work on Debian as well, but YMMV.

Cheers,

Scott

-- 
===========================================================================
Scott Mitchell           | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines"
scott at fishballoon.org | 0xAA775B8B |      -- Anon
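
Added example, not part of the original message and not the /var/yp/Makefile patch it refers to (that patch is not reproduced here): a sketch of the record conversion a shadow.byname map needs, turning FreeBSD master.passwd entries into shadow(5)-style records keyed by login name. The function names, the min_uid cut-off and the sample data are assumptions of this sketch.

```shell
#!/bin/sh
# Added sketch: master.passwd (10 fields) -> "key<TAB>shadow record" lines.
# Usage: master_to_shadow [MIN_UID] < master.passwd
# MIN_UID (default 1000) is an assumption of this sketch: accounts below it,
# root included, are kept out of the exported map.
master_to_shadow() {
    awk -F: -v min_uid="${1:-1000}" '
        /^[ \t]*#/ || NF == 0     { next }   # comments and blank lines
        $1 == "" || $1 ~ /^[+-]/  { next }   # NIS compat (+/-) entries
        NF != 10                  { next }   # not a master.passwd record
        $3 + 0 < min_uid          { next }   # system accounts stay local
        {
            # master.passwd field 7: account expiry, seconds since the epoch
            # (0 = never). shadow field 8: the same date in days, or empty.
            expire = ($7 + 0 > 0) ? int($7 / 86400) : ""
            # shadow ageing fields 3-7 have no master.passwd equivalent and
            # are left empty, which disables password ageing on the client.
            printf "%s\t%s:%s::::::%s:\n", $1, $1, $2, expire
        }
    '
}

# Constructed sample input; the hashes are placeholders, not real crypt output.
sample_master() {
    cat <<'EOF'
# constructed sample master.passwd
root:$1$ROOTHASHPLACEHOLDER:0:0::0:0:Charlie Root:/root:/bin/csh
alice:$1$ALICEHASHPLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$BOBHASHPLACEHOLDER:1002:1002::0:1700006400:Bob:/home/bob:/bin/sh
+:::::::::
EOF
}

# Stand-alone demo: prints the records for alice and bob only.
sample_master | master_to_shadow
```

Every record emitted here carries a password hash that any client able to query the map can read, which is the exposure the quoted question is about, so limiting what goes into the map matters as much as generating it.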