Re: [Linux]: password sync in 2 or more linux boxes

From: Graham Nicholls (graham_at_rockcons.co.uk)
Date: 03/16/04


Date: Tue, 16 Mar 2004 18:36:16 +0000

Sybren Stuvel wrote:

> ["Followup-To:" header set to alt.os.linux.]
> Sukhbir Dhillon enlightened us with:
>> Thanks for the suggestion. I just wanted to make sure if passwords are
>> not sent in clear text between servers.
>
> The passwords aren't even stored in clear text on your computer.
>
>> I have to use this scenario at bank and they have very strict
>> guidelines regarding such issues even though they dunno anything about
>> sniffers.
Scary!
>
> Then I suggest against NIS, since it does advertise everybody's
> encrypted passwords. With those and a good password cracker (John the
> Cracker, for instance) you can crack weak passwords in seconds.

Which is why you should NOT be using it - you were totally right to comment
that the traffic should be encrypted, e.g. using ssh, so the packet payload
couldn't be read. The (slightly snide-appearing) comment regarding knowing
about NIS before commenting was just plain wrong.

NIS+ was an attempt to fix this but seems to be a right PITA to administer,
so LDAP looks like a better (and more future-proof) bet.

>
>> Suggestions always welcome.
>
> www.tldp.org
>
> Sybren

-- 
Graham Nicholls 
Spammesenselessgraham@rockcons.co.uk
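
An added example, not part of the original post: a defensive audit that reads passwd-format map text, such as the output of `ypcat passwd` on a NIS client, and reports accounts whose password field carries a real hash (or is empty) instead of a placeholder. The sample map and its hash strings are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in passwd(5) format; the hash strings are made up.
SAMPLE_MAP = """\
alice:ab1Cd2Ef3Gh4I:1001:100:Alice:/home/alice:/bin/bash
bob:$1$saltsalt$abcdefghijklmnopqrstuv:1002:100:Bob:/home/bob:/bin/bash
carol:x:1003:100:Carol:/home/carol:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
dave:!!:1004:100:Dave:/home/dave:/bin/bash
eve::1005:100:Eve:/home/eve:/bin/bash
broken-line-without-fields
"""

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional crypt(3)
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")        # $id$salt$hash formats
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}
PLACEHOLDERS = {"", "x", "*", "*LK*", "NP"}      # shadowed or no valid hash


def classify(field):
    """Return the exposed hash scheme, 'empty', or None if nothing is exposed."""
    if field == "":
        return "empty"                # account with no password at all
    body = field.lstrip("!")          # a locked entry may still carry its hash
    if body in PLACEHOLDERS:
        return None
    match = MODULAR.match(body)
    if match:
        return SCHEMES.get(match.group(1), "modular-" + match.group(1))
    if DES_CRYPT.match(body):
        return "des-crypt"
    return "unknown"


def audit(map_text):
    """List (user, scheme) for every entry that exposes password material."""
    findings = []
    for line in map_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7:            # skip malformed lines
            continue
        scheme = classify(parts[1])
        if scheme is not None:
            findings.append((parts[0], scheme))
    return findings


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_MAP):
        print(f"{user}: password field exposed ({scheme})")
```

An empty result for a real map means every entry is shadowed or locked; any `des-crypt` or `md5-crypt` finding is a hash readable by every client that can query the map.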

