I've read most of what is out there on NIS - Linux interoperability. 
Unfortunately, nothing explains what we encountered on a FreeBSD 6.2 machine 
running NFS and NIS:

1. FreeBSD clients work as advertised, they interpret the password maps 
correctly; we export the server's /usr/home filesystem and users' home 
directories are automatically easily available.

2. "...just installed a clean Ubuntu 7.10 (newest) and set up NIS and he's 
STILL able to log in as ANY user without a password and can access their 
network drive when it's mounted"

Number 2 above scared the living daylights out of me. I checked permissions on 
the /usr/home directories, all set to 770 (each user in in their own group). 
The Ubuntu client could still walk all over this filesystem. Let me be clear: 
any valid username (as exported by the NIS maps) was authenticated with any 
password. Somehow Ubuntu was given root user permissions no matter what user 
was logged in. When we changed the /var/yp/Makefile to create maps with an 'x' 
instead of an '*' this fixed the problem but also resulted in no valid logins 
from the Ubuntu clients at all. And I have not checked the FreeBSD client 
machines to see how they deal with the 'x'  in the password map but that 
doesn't matter; what concerns me is how Ubuntu was given free access over the 
filesystem...That makes NIS unuseable in our environment (a public high school) 
because what about Mac's? and other Linux-type clients?

Can anyone shed a clue on what is occurring here? Seems like a dangerous hole 
in FBSD's NIS implementation. I know, I should move to Kerberos/LDAP but that 
realistically cannot happen until the summer.

Thank you in advance for your help!

RA Cohen





      
____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to