In a message dated: Thu, 22 Jun 2000 15:44:21 EDT
Bob Bell said:
>> Does it ask you for the old NIS passwd if you:
>
> Yes, in fact it still does.
[..snip..]
> Tru64 has a man page for yppasswd in section 3, which says in part.
>
>yppasswd(oldpass, newpw)
> char *oldpass;
> struct passwd *newpw;
>
>If oldpass is indeed the old user password, this routine replaces the
>password entry with newpw.
Well that's good to know. At least someone does it right :) Though, does
running passwd as root also ask for the user's old passwd? Neither Solaris
nor Linux do this, and if the root passwd compromised is also managed via NIS,
then someone just got root access to the NIS server. I think you can see
where this would lead :)
>> Linux only asks you for the root password, which you already know, it
>>does not ask you for the users old passwd. Solaris doesn't even ask you
>>for that, since it knows you're root, you must be okay :)
>
> Yikes! That doesn't sound good.
>
> I wonder if communicating to yppasswdd is secure on Tru64 as well?
Well, I'd be curious to know if the data were at least encrypted, or if it
would be susceptible to network sniffing. I've never really sniffed a network
and looked for yppasswd RPC transfers before.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
