mailing list archives
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from
From: afx () ibm de (Andreas Siegert)
Date: Mon, 17 Apr 1995 19:18:46 +0200 (CEST)
One's own domainname, nothing. But someone else knowing your
domainname gives that someone a significant edge when it comes to
breaking in to your machines.
Given the more recent versions of ypserv I don't see any major security
problems left with YP. i.e the patches which Sun (at least, and maybe HP if
you believe their docs) produced which tells a ypserv and portmapper which
machines they should talk to.
Back before these patches one could extract yp maps from a random domain using
ypxfer, or hand written code but this no longer works with the newer code.
If there are other security hole left please enlighten me.
Any user on the legal hosts still can get encrypted passwords.
No password aging and password quality control mechanism in heterogenious
The host based access control in ypserv can be easily circumvented by adding
your own system to the local LAN and spoofing an address.
The changes sure protect against attacks from remote sites, but local security
is still very low.
Andreas Siegert afx () ibm de / afx () barolo ak munich ibm com / AFX at IPNET
Every time we've moved ahead in IBM, it was because someone was willing to take
a chance, put his head on the block, and try something new - Thomas Watson, Jr.