Date:      Sun, 7 Apr 2002 13:35:37 -0400
From:      Anthony Schneider <aschneid@mail.slc.edu>
To:        Pieter Danhieux <pdanhieux@easynet.be>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Centralized authentication
Message-ID:  <20020407133536.A140@mail.slc.edu>
In-Reply-To: <20020407192004.5cbecd18.pdanhieux@easynet.be>; from pdanhieux@easynet.be on Sun, Apr 07, 2002 at 07:20:04PM +0200
References:  <874riov1et.wl@delta.meridian-enviro.com> <20020406170014.5f47c85f.cyschow@shaw.ca> <20020407192004.5cbecd18.pdanhieux@easynet.be>

> 
> NIS is a security issue, because it sends the passwords file through the network, and any user can sniff it or get it by 'ypcat passwd'. So I would suggest a combination of NIS and RADIUS. NIS takes care of the home directories and users, and RADIUS would authenticate the users. We use it at the University of Gent in our little basement for 6 PCs and 50 users ...
>
'ypcat passwd' does not show passwords... (it shows the usual /etc/passwd style '*'
in field 2).  I believe, however, that if you have an improperly permed
master.passwd in your /var/yp directory, it can be read by 'ypcat
master.passwd', but I've never tried it.

On a private, small LAN, NIS can be okay, but you're right, passwords are passed
in plaintext across the network.  I'd say use Kerberos, OpenLDAP or perhaps even
NIS+ (although I know little about NIS+, what I do know is that security-wise
it's a good bit higher on the ladder than NIS).
-Anthony.

-----------------------------------------------
PGP key at:
    http://www.keyserver.net/
    http://www.anthonydotcom.com/gpgkey/key.txt
Home:
    http://www.anthonydotcom.com
-----------------------------------------------

