Re: HEADS UP: rpc.yppasswdd working again
Martin Blapp writes: > maps using ypchpass(1). Again, this only applies to the super-user on > the NIS master server: none of these special functions can be performed > over the network. I am happy! M -- Mark Murray iumop ap!sdn w,I idlaH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: HEADS UP: rpc.yppasswdd working again
> he can change passwords on the server at will. >From the rpc.yppasswdd manpage: The FreeBSD version of rpc.yppasswdd also allows the super-user on the NIS master server to perform more sophisticated updates on the NIS passwd maps. The super-user can modify any field in any user's master.passwd entry in any domain, and can do so without knowing the user's existing NIS password (when the server receives a request from the super-user, the password authentication check is bypassed). Furthermore, if the server is invoked with the -a flag, the super-user can even add new entries to the maps using ypchpass(1). Again, this only applies to the super-user on the NIS master server: none of these special functions can be performed over the network. The rpc.yppasswdd utility can only be run on a machine that is an NIS master server. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: HEADS UP: rpc.yppasswdd working again
hi, > > All users who had problems with NIS should rebuild their > > world. Long outstanding problems have been fixed and > > rpc.yppasswdd allows root again to change passwords > > on ypmaster without knowledge of the users password. > Does this not create a vulnerability? > > Example: Bad Guy sets up a personal workstation with himself as root > and steals an IP address from the machine he just switched off. Now > he can change passwords on the server at will. It is only possible on the ypmaster server. And if you are root you can edit the password files directly, can't you :-) ? Martin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: HEADS UP: rpc.yppasswdd working again
Martin Blapp writes: > > Small, but important message for NIS users. > > All users who had problems with NIS should rebuild their > world. Long outstanding problems have been fixed and > rpc.yppasswdd allows root again to change passwords > on ypmaster without knowledge of the users password. Does this not create a vulnerability? Example: Bad Guy sets up a personal workstation with himself as root and steals an IP address from the machine he just switched off. Now he can change passwords on the server at will. M -- Mark Murray iumop ap!sdn w,I idlaH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
HEADS UP: rpc.yppasswdd working again
Small, but important message for NIS users. All users who had problems with NIS should rebuild their world. Long outstanding problems have been fixed and rpc.yppasswdd allows root again to change passwords on ypmaster without knowledge of the users password. Martin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"