Home page logo
/

bugtraq logo Bugtraq mailing list archives

Obtaining NIS domainname from Gatorbox
From: dennisg () CyberSAFE COM (Dennis Glatting)
Date: Sat, 15 Apr 1995 22:18:48 -0700


From: Tim Scanlon <tfs () vampire science gmu edu>
Date: Thu, 13 Apr 95 20:21:33 -0400


der Mouse wrote:


Maybe a good reason to join the crowd and not run NIS?

I wish.  It's clear to me that NIS is a big problem.  But what else is
out there?  We have a definite need to share passwd databases across
many machines, from multiple vendors, none of which we have source
code to.  How close to a solution can we get?


There's also NeXT Inc's Netinfo. It's been ported to all
sorts of other platforms by a company called xedoc.com (I
think it's xedoc.com.au, as they're down under.) I would
reccomend taking a serious look at it as an alternate. It
has more security to it than standard NIS hands down. And
it's a hell of alot easier to administer than either NIS or
NIS+, and is far, far more flexible. 



I've worked extensivly with both, and allthough I will
readily admit I prefer the NeXT GUI and other aspects of it
over SunOS, I'm still objective enough to realize that
there are areas an applications where on OS is going to be
better than another for certain things. (Like if I'm
going to do graphics, I'd prefer an SGI over most anything
else out there) Basicly what I'm trying to say is while I
belive I'm being very, very objective about my opinions
on it, don't take my word for it, check it out on your own in
depth. 



By no means is it "NIS" but it performs all the same
functions, plus alot more. I think there may be aspects of
NIS+ that might be a bit better, like encrypted transfer
of password maps, but I havn't had the same level of
experience with NIS+ so I don't want to get into
comparison there. 



I would reccomend it completly as being worthy of serious
consideration as an alternate to NIS, especially in a
multivendor enviornment that would preclude running
NIS+ at all or easily. The Xedoc product supports a wide
variety of vendors systems too. So that's a big plus. 



One of the best things I can say for it is, I've never heard
of anyone using, making, or otherwise grabbing a
password map from netinfo from a totaly alien machine...
If anyone's heard of this being done, I'd love to hear how &
under what circumstances. I'm not saying it's not
possible, but I've seen netinfo frustrate more than one
hacker, even when they got on a machine using it via other
means. 




NetInfo isn't as secure as you think. 



-dpg



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]