From: Manolis Kiagias
Date: Sat, 13 Dec 2008 11:34:44 +0200
To: Michel Talon
Cc: freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users
Message-ID: <494381B4.7020205@gmail.com>
In-Reply-To: <20081213090822.GA97581@lpthe.jussieu.fr>

Michel Talon wrote:
> Lowell Gilbert wrote:
> NIS, which stands for Network Information Services, was developed
> by Sun Microsystems to centralize administration of UNIX
> (originally SunOS) systems. It has now essentially become an
> industry standard; all major UNIX like systems (Solaris, HP-UX,
> AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.
>
>
> I work in a mostly Linux shop managed by NIS. However my machines
> are under FreeBSD and I have no problem getting the NIS info. The only
> gotcha is that, under Linux you have 2 files for passwds /etc/passwd
> and /etc/shadow, while under FreeBSD you have just one
> /etc/master.passwd. So you need to run NIS in compatibility mode on the
> Linux server, so that passwd and shadow are "concatenated". Securitywise
> it is the same since in any case the shadow information flows on the
> wire, ready to be captured by a scanner.
>

Yes, but running the NIS server in UNSECURE=true mode also allows local
users on NIS workstations to access the password hashes. It is
essentially the same as running a local machine with world read access
to master.passwd. Your only defense then would be very strong passwords
that would not be breakable by something like i.e. jack the ripper. I
bet most people would prefer not to rely on this...
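
A check for the exposure discussed above, as an added example that is not part of the original message: it reads passwd-format lines, such as the output of `ypcat passwd` run by an ordinary user on a NIS client, and lists the logins whose password field carries a hash instead of a placeholder. The function names, the set of placeholder values and the sample entries are assumptions made for this example; the sample lines are constructed and contain no real hashes.

```shell
#!/bin/sh
# Added example: audit a NIS passwd map for exposed password hashes.
# Reads passwd-format lines (7 colon-separated fields) on stdin and prints
# the login of every entry whose 2nd field is not a known placeholder.
# Only login names are printed; the hash values themselves are never echoed.

exposed_logins() {
    awk -F: '
        NF < 7 { next }                 # skip anything that is not a passwd line
        {
            pw = $2
            # Values that carry no hash (assumed placeholder set):
            #   empty, "*", "x", "!", "!!", or a "##login" shadow reference
            if (pw == "" || pw == "*" || pw == "x" || pw == "!" || pw == "!!") next
            if (pw ~ /^##/) next
            print $1
        }'
}

# Constructed sample: a map as served with hashes merged into passwd.
sample_unsecure() {
    cat <<'EOF'
root:*:0:0:Charlie Root:/root:/bin/csh
alice:$1$CONSTRUCTED$notARealHashValue000000:1001:1001:Alice:/home/alice:/bin/sh
bob:$6$CONSTRUCTED$alsoNotARealHashValue0000:1002:1002:Bob:/home/bob:/bin/sh
carol:##carol:1003:1003:Carol:/home/carol:/bin/sh
EOF
}

# Constructed sample: the same accounts with the hashes withheld.
sample_secure() {
    cat <<'EOF'
root:*:0:0:Charlie Root:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:##carol:1003:1003:Carol:/home/carol:/bin/sh
EOF
}

# Demonstration on the constructed data; on a NIS client the input would be
#   ypcat passwd | exposed_logins
sample_unsecure | exposed_logins
```

Any login printed when the check is run as an unprivileged user means that user can read the hash for that account.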