TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NIS, shadow, and in-secure networks
NIS is great, except that the password floats across the network in its
encrypted form.
Is there a way to setup a secure connection between the NIS server and its
clients?
The HOWTOs recommend not sending shadow passwords across NIS, but to move the
passwords back into /etc/password, well, then anyone can snarf /etc/passwd and
start a brute attack on the password file.
Is there any was to get NIS working but NOT have the encrypted passwords in
/etc/password?
If possible, I'd rather send shadow across the network because snooping a
network is slightly more challenging then grabing /etc/passwd and brute
force attacking it.
--
Bob Tanner <tanner@real-time.com> | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500
Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9