Date: Wed, 3 Nov 1999 18:41:13 +1030 (CST) From: Greg Lewis <glewis@trc.adelaide.edu.au> To: freebsd-security@freebsd.org Subject: Security and NIS - alternatives? Message-ID: <199911030811.SAA29824@ares.maths.adelaide.edu.au>
next in thread | raw e-mail | index | archive | help
Hi all,
I am about to undertake setting up a number of FreeBSD workstations and
have been reading up on NIS in the FreeBSD man pages. Statements like the
following in yp(4) concern me somewhat:
While these enhancements provide better security than stock NIS, they are
by no means 100% effective. It is still possible for someone with access
to your network to spoof the server into disclosing the shadow password
maps.
I have noted the steps which can be taken to provide better security than
standard, but the fact that holes remain is a concern. I also note that
NIS+ doesn't appear to be currently supported.
This is not meant to be a complaint, I simply wish to ask if there is a
more secure alternative? I'd like one where passwords were not sent over
the network except via something like SSL or an ssh tunnel.
Thanks in advance for any advice people have to offer.
--
Greg Lewis glewis@trc.adelaide.edu.au
Computing Officer +61 8 8303 5083
Teletraffic Research Centre
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911030811.SAA29824>