Christophe Kalt wrote:
> On Wed, Dec 31, 2008 at 3:16 PM, Richard Chycoski
> <[email protected]> wrote:
>
>> This is actually more dangerous (security-wise) because with NIS you are
>> exposing the encrypted passwords via NIS, which can then be used to crack
>> the passwords. NIS passwords are also limited to eight characters, and if
>> you sync (or allow your users to sync) their NIS and AD passwords, you are
>> exposing both your Windows and Unix accounts. AD passwords can be much
>> longer than eight characters and the encrypted format is not exposed to the
>> world (unless you do something really bad to your AD config :-).
>>
>
> Which OS still limits NIS passwords to 8 characters and/or weak encryption?
>

Any system that uses the old standard 'crypt' password encoder. Solaris 8 was certainly this way (the man pages specifically indicate that only the first 8 characters of the password are significant). Solaris 10 can be altered by specifying a different algorithm.
- Richard
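Added example, not part of the original thread: a small audit that reads passwd-format lines (as `ypcat passwd` would print them) and groups accounts by hash scheme, so the ones still on traditional 13-character `crypt` (where only the first 8 password characters count) stand out. The function names and the sample lines with placeholder hashes are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Modular crypt identifiers ($id$salt$hash) for commonly seen schemes.
MODULAR = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "md5": "sun-md5"}

def classify_hash(field):
    """Return the scheme name for one passwd-map password field."""
    if DES_CRYPT.match(field):
        return "des-crypt"          # only the first 8 password chars matter
    if field.startswith("$") and field.count("$") >= 2:
        ident = field.split("$")[1].split(",")[0]   # "$md5,rounds=..$" -> "md5"
        return MODULAR.get(ident, "unknown-modular")
    return "no-hash"                # locked, empty, or placeholder ("x", "*LK*")

def audit_passwd_map(text):
    """Map each scheme name to the list of accounts using it."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue                # malformed entry, skip
        report.setdefault(classify_hash(parts[1]), []).append(parts[0])
    return report

# Constructed sample map; the hash fields are placeholders, not real hashes.
SAMPLE = """\
alice:abXXXXXXXXXXX:1001:100:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$XXXXXXXXXXXXXXXXXXXXXX:1002:100:Bob:/home/bob:/bin/sh
carol:$6$saltsalt$XXXXXXXXXXXXXXXX:1003:100:Carol:/home/carol:/bin/sh
dave:*LK*:1004:100:Dave:/home/dave:/bin/sh
erin:cdYYYYYYYYYYY:1005:100:Erin:/home/erin:/bin/sh
"""

if __name__ == "__main__":
    for scheme, users in sorted(audit_passwd_map(SAMPLE).items()):
        print(f"{scheme:15} {', '.join(users)}")
```
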
