Jan Iven wrote:
On 10/01/08 08:23, John Summerfield wrote:
If Solaris validates against RHEL, wouldn't the question be:

DOES USER user PASSWORD password authenticate?
user and password are as provided by the user, the server encrypts and checks against local storage.

Not with NIS - AFAIK this just serves the shadow "map" back to the (Solaris) client and lets it decide locally whether the hash matches the password. Of course, Solaris has PAM, and PAM allows delegating this kind of decision to a server. But standard pam_unix will consult the "local" shadow file of NIS map.

I think I see a security problem. If shadow contains unsalted passwords, Google may well reverse it for you. It's been done with website passwords.

That's part of the reason for shadow in the first place.





--

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
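
Added example, not part of the original thread: a Python sketch that classifies the password field of shadow-format entries (the format a NIS shadow map hands to clients) by hash scheme and salt, so an admin can see which entries would be exposed to lookup-style reversal. The sample entries, the function names and the choice of which schemes count as acceptable are assumptions made for illustration.

```python
import re

# Constructed sample in shadow(5) format; users and hash strings are made up.
SAMPLE = """\
alice:$6$Qz8kLm2pXw1v$constructedhashvalue:13800:0:99999:7:::
bob:$1$ab12cd34$constructedhashvalue:13800:0:99999:7:::
carol:ab3Xy9Kq0LmNp:13800:0:99999:7:::
dave:0123456789abcdef0123456789abcdef:13800:0:99999:7:::
eve:!!:13800:0:99999:7:::
frank::13800:0:99999:7:::
"""

# Modular crypt format: $id$[rounds=N$]salt$hash
MCF = re.compile(r"^\$(\w+)\$(?:rounds=\d+\$)?([./0-9A-Za-z]+)\$(.+)$")
# Traditional DES crypt: 13 characters, the first two are the salt
DES = re.compile(r"^[./0-9A-Za-z]{13}$")
# Assumed policy: only these schemes are treated as acceptable
ACCEPTED = {"5": "sha256-crypt", "6": "sha512-crypt"}

def classify(field):
    """Return (scheme, salt, acceptable) for one shadow password field."""
    if field == "":
        return ("empty", None, False)        # account has no password at all
    if field[0] in "!*":
        return ("locked", None, True)        # no hash to attack
    m = MCF.match(field)
    if m:
        ident, salt = m.group(1), m.group(2)
        if ident in ACCEPTED:
            return (ACCEPTED[ident], salt, True)
        if ident == "1":
            return ("md5-crypt", salt, False)  # salted, but fast to brute-force
        return ("mcf-" + ident, None, False)   # unknown id: review by hand
    if DES.match(field):
        return ("des-crypt", field[:2], False)  # 12-bit salt, 8-char passwords
    return ("unrecognised", None, False)     # e.g. a raw digest with no salt

def audit(text):
    """Classify every entry; returns a list of (user, scheme, salt, acceptable)."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        findings.append((user,) + classify(field))
    return findings

if __name__ == "__main__":
    for user, scheme, salt, ok in audit(SAMPLE):
        print(f"{user:8} {scheme:14} salt={salt!s:14} {'ok' if ok else 'REVIEW'}")
```

On a host bound to NIS, the same functions can be fed the output of `ypcat` for the map that carries the hashes instead of `SAMPLE`.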
