Centralized DB of "system" users

Manolis Kiagias sonic2000gr at gmail.com
Sat Dec 13 01:34:48 PST 2008


Michel Talon wrote:
> Lowell Gilbert wrote:
>    NIS, which stands for Network Information Services, was developed
>    by Sun Microsystems to centralize administration of UNIX
>    (originally SunOS) systems. It has now essentially become an
>    industry standard; all major UNIX like systems (Solaris, HP-UX,
>    AIX(R), Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS.
>
>
> I work in a mostly Linux shop managed by NIS. However my machines
> are under FreeBSD and I have no problem getting the NIS info. The only
> gotcha is that, under Linux you have 2 files for passwds /etc/passwd
> and /etc/shadow, while under FreeBSD you have just one
> /etc/master.passwd. So you need to run NIS in compatibility mode on the
> Linux server, so that passwd and shadow are "concatenated". Securitywise
> it is the same since in any case the shadow information flows on the
> wire, ready to be captured by a scanner.
>
>   

Yes, but running the NIS server in UNSECURE=true mode also allows local
users on NIS workstations to access the password hashes. It is
essentially the same as running a local machine with world read access
to master.passwd.  Your only defense then would be very strong passwords
that would not be breakable by something like jack the ripper.
I bet most people would prefer not to rely on this...
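
An added example, not part of the original message: an audit check an administrator could run on an NIS client to see whether the passwd map an unprivileged user can read carries real hashes. It assumes the map is dumped with `ypcat passwd` and piped in; the function names, sample accounts and hash strings are constructed for illustration.

```python
import re
import sys

# Hash prefixes of common crypt(3) schemes.
SCHEMES = [("$1$", "MD5"), ("$2", "Blowfish/bcrypt"),
           ("$5$", "SHA-256"), ("$6$", "SHA-512")]
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional 13-character DES crypt
LOCK_PREFIX = "*LOCKED*"  # FreeBSD "pw lock" prepends this and keeps the hash

def classify(field):
    """Return the scheme name if the password field holds a hash, else None."""
    if field.startswith(LOCK_PREFIX):
        field = field[len(LOCK_PREFIX):]
    for prefix, name in SCHEMES:
        if field.startswith(prefix):
            return name
    return "DES" if DES_RE.match(field) else None

def exposed_accounts(lines):
    """List (user, scheme) for every passwd-format entry that publishes a hash."""
    findings = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 7:  # not a passwd(5)-style record
            continue
        scheme = classify(parts[1])
        if scheme:
            findings.append((parts[0], scheme))
    return findings

# Constructed sample of what a world-readable passwd map might return.
SAMPLE = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$CONSTRUCTED$CONSTRUCTEDHASH:1003:1003:Carol:/home/carol:/bin/sh
dave:ab0123456789.:1004:1004:Dave:/home/dave:/bin/csh
"""

if __name__ == "__main__":
    # Usage on a client: ypcat passwd | python3 this_script.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for user, scheme in exposed_accounts(data.splitlines()):
        print(f"{user}: {scheme} hash readable in passwd map")
```

An empty result means the map shows only placeholders such as `*` in the password field, which is what a map that does not publish the hashes looks like to ordinary users.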
 

