Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Obtaining NIS domainname from Gatorbox
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Tue, 18 Apr 1995 11:15:07 -0400


Maybe a good reason to join the crowd and not run NIS?
I wish.  [What else is out there?]
There's also NeXT Inc's Netinfo.  [...]  don't take my word for it,
check it out on your own in depth.

I'd like to.  Where can I find the spec?

One of the best things I can say for it is, I've never heard of
anyone using, making, or otherwise grabbing a password map from
netinfo from a totaly alien machine...

I own a NeXT.  I expect nobody else can steal my password map; indeed,
it's so secure _I_ have trouble dumping the whole thing!  I have to
resort to things like

for i in `niutil -t -list localhost/local /users | awk '{print $2}'`
do
        niutil -t -read localhost/local /users/$i | ....
done

I'm not saying it's not possible, but I've seen netinfo frustrate
more than one hacker, even when they got on a machine using it via
other means.

I'm another one: it frustrates me no end and I own the ruddy machine!
I have also been completely unable to find any docs on it beyond NeXT's
usual useless "trust us, just run it and it works".  (I admit, I
haven't tried very hard, because I'm hoping to switch OSes before too
much longer.)  I've found that using
"niutil -t xxx localhost/local yyyy" mostly prevents it from hanging if
I happen to be off the net at the time, but having to do that is gross.
If I could find protocol docs, I'd write my own daemons....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]