Centralized DB of "system" users
sonic2000gr at gmail.com
Sat Dec 13 01:34:48 PST 2008
Michel Talon wrote:
> Lowell Gilbert wrote:
> NIS, which stands for Network Information Services, was developed
> by Sun Microsystems to centralize administration of UNIX
> (originally SunOS) systems. It has now essentially become an
> industry standard; all major UNIX like systems (Solaris, HP-UX,
> AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.
> I work i am in a mostly Linux shop managed by NIS. However my machines
> are under FreeBSD and i have no problem getting the NIS info. The only
> gotcha is that, under Linux you have 2 files for passwds /etc/passwd
> and /etc/shadow, while under FreeBSD you have just one
> /etc/master.passwd. So you need to run NIS in compatibility mode on the
> Linux server, so that passwd and shadow are "concatenated". Securitywise
> it is the same since in any case the shadow information flows on the
> wire, ready to be captured by a scannner.
Yes, but running the NIS server in UNSECURE=true mode also allows local
users on NIS workstations to access the password hashes. It is
essentially the same as running a local machine with world read access
to master.passwd. Your only defense then would be very strong passwords
that would not be breakable by something like i.e. jack the ripper.
I bet most people would prefer not to rely on this...
More information about the freebsd-questions