home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!olivea!spool.mu.edu!yale.edu!jvnc.net!gmd.de!Germany.EU.net!ifado!wb
- From: wb@arb-phys.uni-dortmund.de (Wilhelm B. Kloke)
- Newsgroups: comp.unix.ultrix
- Subject: Re: Using YP/NIS
- Message-ID: <1992Nov5.071608.26394@arb-phys.uni-dortmund.de>
- Date: 5 Nov 92 07:16:08 GMT
- References: <Bx75qz.3Ko@cck.coventry.ac.uk>
- Organization: Institut f. Arbeitsphysiologie a.d. Uni Dortmund
- Lines: 28
-
- In article <Bx75qz.3Ko@cck.coventry.ac.uk> ccx009@cch.coventry.ac.uk (Adam Bentley) writes:
- >
- >Hi there,
- > we're thinking of using YP/NIS to distribute among other things,
- > password entries. Can anyone out there give me any ideas or
- > thoughts on YP/NIS and its reliablity. We would intend to use it
- > on Sequent Symmetries (Dynix) and DEC Stations (Ultrix). Does anyone
- > have any advice on whether we should use it or not? The main thing we
- > want to be able to do is
- >
- > 1. Hide the passwd file
- > 2. Distribute the passwd file
- >
- > I assume both of these can be acheived. We are also looking at
- > writing our own shadow password stuff, replacing the getpw*
- > calls in libc with our own routines of the same name. This
- > however will invlove the re-compilation of a lot of other programs,
- > which may well use YP/NIS if its running.
- I doubt that you will get what you want. You habe to remove ypcat from
- your system or at least to restrict the use to root or wheel. You have
- to remove the YP routines from your libraries because otherwise any user
- could compile his own ypcat. This will not help either because the bad
- guy has access to the sources of those also. The protocol of YP has to
- be changed for this. Probably Kerberos is the thing you ar looking for.
- --
- Dipl.-Math. Wilhelm Bernhard Kloke,
- Institut fuer Arbeitsphysiologie an der Universitaet Dortmund
- Ardeystrasse 67, D-4600 Dortmund 1, Tel. 0231-1084-257
-
