[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [seul-edu] Alternatives to NIS



On Mon, 23 Oct 2000, David Woodhouse wrote:

> No. That has nothing to do with NIS. That's NFS. You don't need to run NIS
> on either the server or the client to see this.

Yep, though it does make it easier.
 
> Recent example: sunsite.org.uk had their Red Hat 7 mirror readable by uid 
> 19837, even before it was supposed to have been released to the public.
> By adding a user with that id to my local password file, and becoming that 
> user, I was able to read the files.
> 
> NIS might perhaps have saved me a few keystrokes - but not many. It's not 
> the cause of the problem. NFS is. 

Ok,  I see your point.  If someone has the ability to setup themselves on
an NIS network, they have the ability to add a user to their system...

I am still working on ways to increase security before attempting a high
school install, so far we have: no floppy drive, no local hard drive, root
over nfs, either NIS/LDAP or for some  of the systems a shared passwd
file, due to the root over nfs.

			Harry 
> --
> dwmw2

--
Harry McGregor, CEO, Co-Founder
hmcgregor@osef.org, (520) 202-OSEF (6733)
Open Source Education Foundation, http://www.osef.org