mailing list archives
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
From: benji () haven boston ma us (Benjamin Cline)
Date: Sat, 15 Apr 1995 11:20:07 -0400 (EDT)
According to Dale Babiy:

On Wed, 12 Apr 1995, der Mouse wrote:

Is there a "better" NIS [...]

I'd be interested in hearing about any such. I'm almost ready to try
my hand at writing one myself, but so far the perceived need has not
yet been sufficient to make me allocate the time.

We're running NeXTStep here, do you, or anyone else for that matter, know
of any security holes concerning the NetInfo NIS(type) system that deals
with our local information sharing?
So far we've been lucky, I'd like to stop being lucky and start being

I don't know of any gaping, obvious holes in NetInfo, although I have yet to
really sit down and try to find any (which is on my list of things to get to,

You should enable the "Limit information to local network" option (see the
on-line sys-admin docs for information on just how to do this (I don't remember
off the top of my head :-)). Also, because NetInfo is rpc based, you would be
well advised to protect your network with a filtering bridge or router. As is
typical for rpc based services, NetInfo doesn't use any fixed port, so I very
much suggest a filtering strategy of blocking everything except that which
is expressly permitted.

And while I'm at it, I believe NeXT's portmap suffers from the bug that it will
allow complete NFS access for any packets claiming to be from the loopback
address (once again, this is something I need to test and verify).

Benjamin R. Cline Large Furry Mammal benji () haven boston ma us
Never set sail with two opinions, always take one or three.
Government should be like bamboo: strong, light, flexible
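
The filtering advice in the message above, as an added example that is not part of the original post: a small model of a border filter comparing "block everything except what is expressly permitted" with a deny list of known ports, for traffic arriving on the external interface. All addresses, ports and both rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """A packet arriving on the router's EXTERNAL interface."""
    src: str
    proto: str
    dst_port: int

# Constructed policy: the only inbound services expressly permitted.
ALLOWED_INBOUND = {("tcp", 25), ("tcp", 53), ("udp", 53)}
# Constructed alternative: a deny list naming only the well-known RPC/NFS ports.
DENY_LIST = {("tcp", 111), ("udp", 111), ("udp", 2049)}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed internal range

def spoofed(pkt):
    # Loopback or internal source addresses cannot legitimately arrive from outside.
    src = ipaddress.ip_address(pkt.src)
    return src in LOOPBACK or src in INTERNAL_NET

def default_deny(pkt):
    # Drop spoofed sources first, then accept only expressly permitted services.
    if spoofed(pkt):
        return "drop"
    return "accept" if (pkt.proto, pkt.dst_port) in ALLOWED_INBOUND else "drop"

def deny_list_only(pkt):
    # Accept anything not explicitly listed; no source sanity check.
    return "drop" if (pkt.proto, pkt.dst_port) in DENY_LIST else "accept"

# Constructed sample traffic.
SAMPLES = {
    "smtp": Packet("203.0.113.7", "tcp", 25),
    "portmap": Packet("203.0.113.7", "udp", 111),
    # An RPC service registered on a dynamically assigned port.
    "rpc_dynamic_port": Packet("203.0.113.7", "udp", 1033),
    # External packet claiming to come from the loopback address.
    "loopback_claim": Packet("127.0.0.1", "tcp", 25),
}

def compare():
    """Return {name: (default_deny verdict, deny_list_only verdict)}."""
    return {n: (default_deny(p), deny_list_only(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:18s} default-deny={verdicts[0]:6s} deny-list={verdicts[1]}")
```

The two policies agree on the fixed ports and differ on exactly the cases the message raises: the service on a non-fixed port and the packet claiming a loopback source.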