NIS server under linux

[Bob Tanner <tanner@real-time.com>]

Summary: Shadow and MD5 passwords with NIS does not work. What do I need 
to do in nswitch.con to get this to work? How can I keep encrypted passwords
from flying around the network?

Details:

I am a little confused about NIS servers under linux. Since we run Solaris and
NIS+, I do not have that much expirence with NIS. After reading the HOWTOs and
such I am even more confused. :-)

I activated a NIS server on a Redhat 6.0 box. No shadow, no MD5. Setup the
nswitch.conf correctly and played around with ypcat. Things looked great.

Install a NIS client on a RH 6.0 box. No shadow, no MD5, nswitch.conf, ypcat,
all worked fine.

Put my sniffer on the Ethernet segment with these 2 linux boxes, turned
monitor on my switch (makes 1 port on the switch receive all traffic on that
segment, like a hub) and kringed when I saw the encrypted passwords flying
across the wire.

Also was concerned that the encrypted password was in /etc/passwd, so being
"smart" I actived Shadow and MD5 passwords (authconfig does a great job
converting) on both the NIS server and client. Played with ycat and the
sniffer some more and was happy to see no encrypted passwords on the wire.

Problem, I could not log in either. Read the HOWTO again. It looks like I
should be able to put something into nswitch.conf to get this to work. What is
it that I put into the nsswitch.conf? I tried the compat option but it does
not work.

The HOWTO says NOT to use compat because the encrypted passwords get sent out
on the wire. So, how do you prevent your encrypted passwords from being sent
out on the wire?

NIS+ encrypts just about everything, so I did not have to worry.

Thanks.


-- 
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9