This is true. However note how you said "if the request for the map comes from a non-root user". How do you supposed the NIS server determines that you're "not a root user"? I'll tell you: ident. I can whip up an ident server on my NT box in two minutes that'll tell you I'm any user I want. This is not security.
Gergely Madarasz wrote: > On Thu, 19 Feb 1998, Jens B. Jorgensen wrote: > > > Note there is little use to combining shadow passwords and NIS. Any machine > > on > > the net can get NIS maps. Now, if you're using NIS+ that's a different story > > because authentication is used. > > You can mangle the password field of the shadow map if the request for the > map comes from a non-root user. This is from /etc/ypserv.conf : > > # Host : Map : Security : Passwd_mangle > * : shadow.byname : port : yes > > So if someone (not root) does ypcat shadow.byname he will only see :x: > instead of the real encrypted password. > > Greg > > -- > Madarasz Gergely [EMAIL PROTECTED] [EMAIL PROTECTED] > Egy pingvinre gyakorlatilag lehetetlen haragosan nezni. > HuLUG: http://www.cab.u-szeged.hu/local/linux/ -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
