Home page logo

bugtraq logo Bugtraq mailing list archives

Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
From: scott () Disclosure COM (Scott Barman)
Date: Wed, 12 Apr 95 09:58:12 EDT

bob () hobbes dtcc edu (Bob Rahe) writes:

+------ On Apr 10,  9:12, Ken Weaverling wrote:
|>This may be an obscure hole, but it got us and still bothers me.
|>Gatorboxes are shipped without a user password set. Once connected to your
|>net, it is easy to telnet to one of these things and log in with ANY id
|>iff there is no user password set. 
|>The user account can't change anything, but can look at really 
|>interesting things. For example, if you have the GatorShare software
|>running using NIS authentication, it will freely tell you what the
|>NIS domainname is.

What's wrong with knowing one's NIS domainname?

 Maybe a good reason to join the crowd and not run NIS?  Seems like that
thing causes mucho problems.  That's the second one you've mentioned in two
days, I think.

I keep hearing people say this about NIS.  However, when one is
running a lot of systems (including PC-NFS clients) it is fantastically
easy to administrate (especially when one is not a full-time sysadmin).

For the moment, I have a client running NIS (not this one) and I have
their router set up to not pass RPC services from the net (to the port
for SunRPC).  So far, this seems to be OK.  Are there problems with
this?  Is there a "better" NIS that can run on SunOS (not Solaris, so
NIS+ is out), BSDI, and out-of-the-box SVR4 (in particular from

scott barman
scott () disclosure com / barman () ix netcom com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]