home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.sys.sun.admin:5940 comp.unix.admin:4764
- Newsgroups: comp.sys.sun.admin,comp.unix.admin
- Path: sparky!uunet!pipex!warwick!cudcv
- From: cudcv@warwick.ac.uk (Rob McMahon)
- Subject: Re: NIS, slave servers and DNS access
- Message-ID: <69rpbtkg@csv.warwick.ac.uk>
- Sender: news@csv.warwick.ac.uk (Network news)
- Nntp-Posting-Host: shark
- Organization: Computing Services, Warwick University, UK
- References: <92241.144541QQ11@LIVERPOOL.AC.UK>
- <1992Aug28.163833.28635@fwi.uva.nl>
- Date: Sat, 29 Aug 1992 14:48:01 GMT
- Lines: 37
-
- In article <1992Aug28.163833.28635@fwi.uva.nl> casper@fwi.uva.nl (Casper H.S.
- Dik) writes:
- >You can't prevent clients from binding to a server.
-
- True, but you can talk to them nicely and ask them to use a different one. I
- routinely have
-
- /usr/etc/yp/ypset 127.1
-
- after the ypbind in /etc/rc.local, to save queries going over the network.
- You need to use the `-ypsetme' option on ypbind, which shouts a bit about
- being insecure. (Just how insecure is this ? It seems to me that since
- ypbind will only accept ypset requests from root, and will only bind to a
- server running as root, this doesn't decrease security much, if at all.)
-
- >Disable passwords:
- >
- >+:*:0:0:::
- >
- >But better is a different login shell (.rhosts and all that):
- >
- >+::0:0:::/etc/nologin
-
- I always use
-
- +:*:10:10:::/bin/false
-
- the 10's are there out of paranoia, I can envisage some nasty accidents using
- `0'.
-
- Cheers,
-
- Rob
- --
- UUCP: ...!mcsun!uknet!warwick!cudcv PHONE: +44 203 523037
- JANET: cudcv@uk.ac.warwick INET: cudcv@warwick.ac.uk
- Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
-
