> > I confirm that using passwd to change root's password on a system > > where the "+::::::" is the last line of /etc/passwd changes it to > > +::0:0::: > > > > As noted in the bug log, this seems harmless and is more an > > aesthetical bug, if this is a bug and not a feature. > > > > Tomasz, any input on this? > > On using old compat type NIS implementation IIRC isn't possible to specify > range UIDs/GIDs which can be managed by NIS. Somerimes have NISed root > accout can be good feacture (I know some clustred enviroment where it is > used).
So, what you're telling us here is that these "0"'s define a range of UID/GIDs which are managed (or excluded?) by NIS. > Latest NIS implemetation prepared by Thornsten Kukluk have ability to > specify range UIDs/GIDs managed by ypserver but only on level scripts for > converting files to NIS db files. If intruder wil have ability for > injectin root account directly to NIS db files this fact will not be even > reported by ypeserv. On clint side (ypbind) also in current implememtation > there is no configuration parameters which will allow force range > UIDs/GIDs imported from NIS server (maybe it will be good report this as > kind RFE for Thornsten). > > Summarize: I'm not shure is classify this case as bug is correct. Maybe > document this as feacture will be better. The feature would then be passwd disabling the root password injection to NIS. Am I right? Not all this is very clear to me...:-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
