Subject: misc/12149: NIS documentation doesn't cover 'secure maps'
To: None <>
From: None <>
List: netbsd-bugs
Date: 02/07/2001 10:51:20
>Number:         12149
>Category:       misc
>Synopsis:       NIS documentation doesn't cover 'secure maps'
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 07 10:54:00 PST 2001
>Release:        1.5
	All NetBSD 1.5 systems
	The template /var/yp/Makefile.yp contains the following useful
	information in a comment:

	# Password maps in standard YP are insecure, because the pw_passwd
	# field is accessable by any user. FreeBSD, NetBSD and OpenBSD have
	# a common solution: a secure map (generated with makedbm -s) can
	# only be accessed by a client bound to a privileged port.
	# Uncomment out the following if you need compatibility with
	# sites that don't support this feature.
	#INSECURE?=     yes

	This is great, except that none of the NIS related man pages
	mention that NetBSD uses a special secure solution which is only
	common to NetBSD, FreeBSD, and OpenBSD.  When using a NetBSD
	system as an NIS master server, it's not immediately apparent
	why your non-*BSD NIS clients can't authenticate their users.

	Information should be included in the man pages about this (even
	in just a general sense) perhaps with a pointer to see the
	/var/yp/Makefile.yp for details.