Greetings,
Does anyone have shadow passwords working under NIS? on a default
potato install?
I have two freshly squeezed potato boxes, on which I am trying to
set up NIS (server, client).
I have followed the setup documentation (which is good)
'/usr/doc/nis/nis.debian.howto.gz'
except that
Paul == Paul Schulz [EMAIL PROTECTED] writes:
Paul I can ypcat all of the other maps, except for shadow. (This
Paul is expected as there is some encryption happening.) I need
Paul to have an /etc/shadow file on the client. If I shift a
Paul user to the end (after the +
I' m using a NIS and Shadow. Sometimes, I cannot login to the Client, and
the syslog shows
login[1860]: no shadow password for `cheub' on `ttyp7' from `thue' Sep 17
login[1860]: invalid password for `cheub' on `ttyp7' from `thue'
If I issue a yppasswd (which is possible since I am logged in
Note there is little use to combining shadow passwords and NIS. Any machine on
the net can get NIS maps. Now, if you're using NIS+ that's a different story
because authentication is used.
Miquel van Smoorenburg wrote:
In article [EMAIL PROTECTED],
Gabriel Millerd [EMAIL PROTECTED] wrote:
On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
Note there is little use to combining shadow passwords and NIS. Any machine on
the net can get NIS maps. Now, if you're using NIS+ that's a different story
because authentication is used.
You can mangle the password field of the shadow map if the
This is true. However note how you said if the request for the map comes from a
non-root user. How do you supposed the NIS server determines that you're not a
root user? I'll tell you: ident. I can whip up an ident server on my NT box in
two
minutes that'll tell you I'm any user I want. This is
On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
This is true. However note how you said if the request for the map comes
from a
non-root user. How do you supposed the NIS server determines that you're
not a
root user? I'll tell you: ident. I can whip up an ident server on my NT box
in two
In article [EMAIL PROTECTED],
Jens B. Jorgensen [EMAIL PROTECTED] wrote:
This is true. However note how you said if the request for the map comes
from a non-root user. How do you supposed the NIS server determines
that you're not a root user? I'll tell you: ident.
Nope. Priviliged ports.
I can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 19 Feb 1998, Jens B. Jorgensen wrote:
This is true. However note how you said if the request for the map
comes from a non-root user. How do you supposed the NIS server
determines that you're not a root user? I'll tell you: ident. I can
Oh, pardon me. That really is safe then. NOT! If I can plug into your ethernet,
I can
have your NIS maps. If you don't allow access you must be doing it by
hostname/IP.
Easy, I can just steal the IP I want, unplugging the real machine if necessary.
This is
silly anyway because I can easily
As I said before it's moot anyway because I can sniff the packets off the
ethernet. Don't be so sure that someone who plugs into your net can't steal your
IP. What do you think happens if I assign a privileged machine's IP address to
my box? I bet if I can get an arp reply out faster than you then
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 20 Feb 1998, Jens B. Jorgensen wrote:
As I said before it's moot anyway because I can sniff the packets off
the ethernet. Don't be so sure that someone who plugs into your net
Ummm, you lost me. I thought that ADT Security got you
Gabriel Millerd wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 20 Feb 1998, Jens B. Jorgensen wrote:
As I said before it's moot anyway because I can sniff the packets off
the ethernet. Don't be so sure that someone who plugs into your net
Ummm, you lost me. I
In article [EMAIL PROTECTED],
Jens B. Jorgensen [EMAIL PROTECTED] wrote:
Oh, pardon me. That really is safe then. NOT! If I can plug into your
ethernet, I can
have your NIS maps.
This is getting silly. Even if you install $100,000 worth of crypto
devices I can still come in, hold a gun to your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 20 Feb 1998, Jens B. Jorgensen wrote:
Well, um no, ADT did not get me because I'm not an intruder, I'm that
new guy down the hall who just got hired. I'm not saying anything about
coming from the outside
Your an amazing social
Yes, it is getting quite silly. By the way my root password is root. Part of
my point
was indeed that no system is secure. My main point however was simply that one
shouldn't
advise (or imply) that a given practice is secure (and we agree that nothing
is) without
disclosing the primary
According to Jens B. Jorgensen:
Yes, it is getting quite silly. By the way my root password is root. Part
of my point
was indeed that no system is secure.
Glad to see you're not taking this _too_ seriously either :)
I wasn't ..
Mike.
--
Miquel van Smoorenburg | The dyslexic, agnostic,
When Miquel van Smoorenburg wrotei, I replied:
I was wondering why he dangled his ethernet cable out the window.
I hope it was properly terminated! And wouldn't there be some sign
that the cable had been cut and re-spliced? I guess I'm just way
too trusting.
In article [EMAIL PROTECTED],
Well, we've certainly brought this one to its illogical conclusion!
Ralph Winslow wrote:
When Miquel van Smoorenburg wrotei, I replied:
I was wondering why he dangled his ethernet cable out the window.
I hope it was properly terminated! And wouldn't there be some sign
that the cable had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anyone have NIS running with shadow passwords? Or care to enlighten me on
how I might get that working?
TIA
- ---
Gabriel Millerd|
RLI Internet Services |And the Devil did grin, for his darling sin Is
System Admin Attribu |
In article [EMAIL PROTECTED],
Gabriel Millerd [EMAIL PROTECTED] wrote:
Anyone have NIS running with shadow passwords? Or care to enlighten me on
how I might get that working?
It only works on libc6 systems, because libc5 itself has no support
built-in for shadow password NIS maps. So you should
Hello,
A couple questions on NIS and shadow passwd support... has anyone
succesfully compiled the yppasswdd w/ shadow support?? I got the
experimental shadow package (along with source..) and it works fine,
like a charm...
On the yppasswdd man page, shadow support is mentioned, but the
22 matches
Mail list logo
