On Tue, Mar 11, 2003 at 01:24:15PM +1100, Neeraj Arora wrote:
> This means, the libraries on Linux do not understand shadow passwords on
> NIS. Thus, if I want to use shadow passwords with a Linux Machine, I have
> to expose them to clients. There is a possibility that I could delete or
> hide the binary ypcat from allowing users to see it, but that does not
> disallow any of the users to compile their own version and retrieve
> sensitive information. Could this be classified as a security hole???

This is wrong -- Linux NIS is quite happy using shadow passswords, it just
implements them differently to FreeBSD.  The problem is that the FreeBSD
NIS Makefile does not, by default, generate the shadow.byname map that
Linux clients are expecting to see.  To generate this map, you need to
patch /var/yp/Makefile as I described in my earlier reply to your
question.  The post from Mike Galvez points to a very similar patch.  I
should point out that I did this to support RedHat boxes here; it should
work on Debian as well, but YMMV.



Scott Mitchell           | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines"
scott at fishballoon.org | 0xAA775B8B |      -- Anon

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to