> > One's own domainname, nothing. But someone else knowing your > > domainname gives that someone a significant edge when it comes to > > breaking in to your machines. > > Given the more recent versions of ypserv I don't see any major security > problems left with YP. i.e the patches which Sun (at least, and maybe HP if > you believe their docs) produced which tells a ypserv and portmapper which > machines they should talk to. > > Back before these patches one could extract yp maps from a random domain using > ypxfer, or hand written code but this no longer works with the newer code. > > If there are other security hole left please enlighten me. Any user on the legal hosts still can get encrypted passwords. No password aging and password quality control mechanism in heterogenious environments. The host based access control in ypserv can be easily circumvented by adding your own system to the local LAN and spoofing an address. The changes sure protect against attacks from remote sites, but local security is still very low. bye afx -- Andreas Siegert afx@ibm.de / afx@barolo.ak.munich.ibm.com / AFX at IPNET Every time we've moved ahead in IBM, it was because someone was willing to take a chance, put his head on the block, and try something new - Thomas Watson, Jr.