Date: Sat, 13 Dec 2008 11:34:44 +0200
From: Manolis Kiagias <sonic2000gr@gmail.com>
To: Michel Talon <talon@lpthe.jussieu.fr>
Cc: freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users
Message-ID: <494381B4.7020205@gmail.com>
In-Reply-To: <20081213090822.GA97581@lpthe.jussieu.fr>
References: <20081213090822.GA97581@lpthe.jussieu.fr>

Michel Talon wrote:
> Lowell Gilbert wrote:
> NIS, which stands for Network Information Services, was developed
> by Sun Microsystems to centralize administration of UNIX
> (originally SunOS) systems. It has now essentially become an
> industry standard; all major UNIX like systems (Solaris, HP-UX,
> AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.
>
> I am in a mostly Linux shop managed by NIS. However my machines
> are under FreeBSD and I have no problem getting the NIS info. The only
> gotcha is that, under Linux you have 2 files for passwds /etc/passwd
> and /etc/shadow, while under FreeBSD you have just one
> /etc/master.passwd. So you need to run NIS in compatibility mode on the
> Linux server, so that passwd and shadow are "concatenated". Securitywise
> it is the same since in any case the shadow information flows on the
> wire, ready to be captured by a scanner.
>

Yes, but running the NIS server in UNSECURE=true mode also allows local
users on NIS workstations to access the password hashes. It is
essentially the same as running a local machine with world read access
to master.passwd. Your only defense then would be very strong passwords
that would not be breakable by something like i.e. jack the ripper. I
bet most people would prefer not to rely on this...
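
An audit check for the exposure described in the reply above, as an added example that is not part of the original message. It reads passwd-format lines (for instance the output of `ypcat passwd` run as an unprivileged user on a NIS client) and lists every account whose password field carries a real hash; the function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Report accounts in a passwd-format NIS map whose second field holds a real
# hash instead of a placeholder. Output: user<TAB>scheme<TAB>state.
nis_exposed_hashes() {
    awk -F: '
    /^#/ || NF < 7 { next }              # comments and malformed lines
    {
        pw = $2; state = "active"
        # Lock markers hide nothing: the hash still follows the prefix.
        if (index(pw, "*LOCKED*") == 1) { pw = substr(pw, 9); state = "locked" }
        while (substr(pw, 1, 1) == "!")  { pw = substr(pw, 2); state = "locked" }

        if (pw ~ /^\$[^$]+\$./) {        # modular crypt: $id$salt$hash
            split(pw, part, "[$]"); scheme = part[2]
        } else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") {
            scheme = "des"               # traditional 13-character DES crypt
        } else next                      # x, *, ##user, empty: no hash in the map
        printf "%s\t%s\t%s\n", $1, scheme, state
    }'
}

# Constructed sample map (hash values are fake), mixing exposed entries with
# the placeholders a properly shadowed map would contain.
sample_map() {
    cat <<'EOF'
alice:$6$constructedsalt$ConstructedHashValue0000:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:##carol:1003:1003:Carol:/home/carol:/bin/sh
dave:*LOCKED*$1$constructed$ConstructedHash0000:1004:1004:Dave:/home/dave:/bin/sh
erin:ab0123456789A:1005:1005:Erin:/home/erin:/bin/sh
daemon:*:1:1:daemon:/root:/usr/sbin/nologin
EOF
}

# Demonstration on the constructed map; on a NIS client the input would be
#   ypcat passwd | nis_exposed_hashes
sample_map | nis_exposed_hashes
```

Any line of output means the map hands crackable material to every local user on every client; an empty result is what a map without merged shadow data produces.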