[Sunhelp] About NIS+ security
Magnus Abrante
sunhelp at sunhelp.org
Sat Nov 4 11:38:57 CST 2000
> I have a concern about NIS+'s security:
> We can use "niscat passwd.domainname" to list the users' password filed, Is
> it a vulnerability for password hacking ?
Yes, and No :)
If you are not running in Emulate YP mode it depends on how you have
configured the passwd table. You can display the settings of the table
with niscat -o passwd.org_dir .
The there are four access options:
r right to read
m right to modify objects
c right to add objects to table
d right to destroy tables / directories
Example:
r---r---r---r---
The first four is the access rights for nobody, then owner followed by the
group and last of all is the access rights for world.
Owner and group are displayed in the output of niscat -o as well.
Anyone who is in the cred table belongs to "world", everyone else belongs
to "nobody".
My point with all this is that you might be able to see the encrypted
passwords if you are in the NIS+ admingroup (nisgrpadm -l admin), which
usually owns the passwd table, whereas your ordinary users cant, if they
can view them however you might have a potential security problem.
This might be different if you are running in Emulate YP mode.
(rpc.nisd -y)
Hope this removes more confusion than it creates ;)
//Magnus Abrante
/* This is my opinion and not the one of my empolyer */
More information about the SunHELP
mailing list