Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Obtaining NIS domainname from Gatorbox
From: lm () melb cpr itg telecom com au (Luke Mewburn)
Date: Fri, 14 Apr 1995 17:10:54 +1000 (EST)

On Wed, 12 Apr 1995, der Mouse wrote:

Maybe a good reason to join the crowd and not run NIS?

I wish.  It's clear to me that NIS is a big problem.  But what else is
out there?  We have a definite need to share passwd databases across
many machines, from multiple vendors, none of which we have source code
to.  How close to a solution can we get?

A wild idea, straight off the top of my head: what about using the DNS
mechanisms?  Apologies if this has been suggested and flamed before...

Hesiod (HS class DNS) can be used instead of NIS for most things.
ULTRIX boxes have it built in, and we use it instead of NIS
(except we use NIS for netgroups; if I could change the OS to use DNS
for netgroups I would)

Unfortunately, like NIS, you can extract the encrypted password field
out of the system. Commands like nslookup comment this out, but if you
have 'host' (comes with bind 4.9.7b17, also at ftp.nikhef.nl:/pub/network)
you can do:
        host -t txt -c hs username.passwd.`domainname`
and you get something like:
        username.passwd.melb.cpr.itg.telecom.com.au        TXT
            "username:ABCDEFGHIJKLM:9999:9999:User Name:/users/username:/bin/sh"

Which is why Kerberos exists :)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]