From owner-freebsd-security Wed Nov 3 0:12:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ares.maths.adelaide.edu.au (ares.maths.adelaide.edu.au [129.127.246.5])
    by hub.freebsd.org (Postfix) with ESMTP id 9681515695
    for ; Wed, 3 Nov 1999 00:12:00 -0800 (PST)
    (envelope-from glewis@ares.maths.adelaide.edu.au)
Received: (from glewis@localhost)
    by ares.maths.adelaide.edu.au (8.9.3/8.9.3) id SAA29824
    for freebsd-security@freebsd.org; Wed, 3 Nov 1999 18:41:14 +1030 (CST)
    (envelope-from glewis)
From: Greg Lewis
Message-Id: <199911030811.SAA29824@ares.maths.adelaide.edu.au>
Subject: Security and NIS - alternatives?
To: freebsd-security@freebsd.org
Date: Wed, 3 Nov 1999 18:41:13 +1030 (CST)
X-Mailer: ELM [version 2.4ME+ PL56 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,

I am about to undertake setting up a number of FreeBSD workstations and
have been reading up on NIS in the FreeBSD man pages. Statements like the
following in yp(4) concern me somewhat:

    While these enhancements provide better security than stock NIS, they
    are by no means 100% effective. It is still possible for someone with
    access to your network to spoof the server into disclosing the shadow
    password maps.

I have noted the steps which can be taken to provide better security than
standard, but the fact that holes remain is a concern. I also note that
NIS+ doesn't appear to be currently supported. This is not meant to be a
complaint, I simply wish to ask if there is a more secure alternative? I'd
like one where passwords were not sent over the network except via
something like SSL or an ssh tunnel.

Thanks in advance for any advice people have to offer.

--
Greg Lewis                      glewis@trc.adelaide.edu.au
Computing Officer               +61 8 8303 5083
Teletraffic Research Centre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message