Re: Replacement for NIS? (was Re: Obtaining NIS domainname from
From: J.S.Peatfield () damtp cam ac uk (Jon Peatfield)
Date: Sat, 15 Apr 1995 16:35:13 +0100
One's own domainname, nothing. But someone else knowing your
domainname gives that someone a significant edge when it comes to
breaking in to your machines.
Given the more recent versions of ypserv I don't see any major security
problems left with YP, i.e. the patches which Sun (at least, and maybe HP if
you believe their docs) produced which tell a ypserv and portmapper which
machines they should talk to.
Back before these patches one could extract yp maps from a random domain using
ypxfer, or hand-written code, but this no longer works with the newer code.
If there are other security holes left please enlighten me.
Is there a "better" NIS [...]
I'd be interested in hearing about any such. I'm almost ready to try
my hand at writing one myself, but so far the perceived need has not
yet been sufficient to make me allocate the time.
A good starting point might be the 386/BSD, Linux YP implementation. Since
the source is available you can add whatever security measures you like to it.
I'm not sure if their ypserv/ypbind are drop-in replacements for the ONC
versions (e.g. if the file format etc. are the same), but it shouldn't be too
hard to check.
-- Jon Peatfield (DAMTP, unix network admin)
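
Added example, not part of the original post and not Sun's, HP's or any YP implementation's code: a default-deny address check of the kind the message describes, where the server is told which machines it should talk to. The "netmask network" rule format and every name in it (net_rule, parse_rules, client_allowed, SAMPLE_RULES) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* One allowed network, host byte order. Hypothetical names throughout. */
struct net_rule { uint32_t mask, net; };

/* Constructed sample rules: "netmask network" per line (assumed format). */
static const char SAMPLE_RULES[] =
    "# loopback and one client subnet\n"
    "255.255.255.255 127.0.0.1\n"
    "255.255.255.0   192.0.2.0\n";

/* Returns the rule count, or -1 on any malformed line so the caller fails closed. */
int parse_rules(const char *text, struct net_rule *out, int max) {
    char line[128], m[32], a[32];
    int n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len); line[len] = '\0';
        text += len + (text[len] == '\n');
        line[strcspn(line, "#")] = '\0';          /* strip comment */
        int got = sscanf(line, "%31s %31s", m, a);
        if (got <= 0) continue;                    /* blank line */
        struct in_addr mi, ai;
        if (got != 2 || n >= max || inet_pton(AF_INET, m, &mi) != 1 ||
            inet_pton(AF_INET, a, &ai) != 1) return -1;
        out[n].mask = ntohl(mi.s_addr);
        out[n].net = ntohl(ai.s_addr) & out[n].mask;
        n++;
    }
    return n;
}

/* Default deny: 1 only when the client address falls inside a listed network. */
int client_allowed(const char *client, const struct net_rule *r, int n) {
    struct in_addr c;
    if (n <= 0 || inet_pton(AF_INET, client, &c) != 1) return 0;
    uint32_t ip = ntohl(c.s_addr);
    for (int i = 0; i < n; i++)
        if ((ip & r[i].mask) == r[i].net) return 1;
    return 0;
}

int main(void) {
    struct net_rule r[8];
    int n = parse_rules(SAMPLE_RULES, r, 8);
    return !client_allowed("192.0.2.17", r, n);   /* exit status 0 when allowed */
}
```

A parse failure or an empty rule set denies every client, so a damaged rules file cannot open the maps to everyone.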