Subject: Re: YP (NIS) and NetBSD
To: None <port-vax@netbsd.org>
From: None <jkunz@unixag-kl.fh-kl.de>
List: port-vax
Date: 07/05/1999 22:08:30
On  5 Jul, Aaron J. Grier wrote:

> vipw and add '+:0::::::::' as the last entry.  Also add '+:0::' as the
> last entry to /etc/group.  Then you should be set.
That is the old (pre 1.4) way. It still works but with 1.4 you should
edit /etc/nsswitch.conf. To get the passwd and group databases the file
must contain at least the lines:
group:          files nis
passwd:         files nis
See nsswitch.conf(5) for more details.

In an insecure network environment I HIGHLY recommend copying
/etc/passwd and /etc/master.passwd to /var/yp and deleting all entries
that do not belong to ordinary users. Especially, you should delete the
line of the root account. The problem is that the whole
/etc/master.passwd will be exported over the network and every user can
get the encrypted passwds by typing 'ypcat passwd'. A little bit of crack
and ... To do this you have to modify /var/yp/Makefile.yp. See the patch
below:
51c51
< passwd.time: ${DIR}/master.passwd
---
> passwd.time: ${YPDBDIR}/master.passwd
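Review bot: at line 51 only the prerequisite of passwd.time moves from ${DIR}/master.passwd to ${YPDBDIR}/master.passwd, and the recipe lines of that target are not part of the hunk, so confirm that the recipe reads the file through ${YPDBDIR} (or through the prerequisite) and not through a hard-coded ${DIR}/master.passwd; otherwise the map is still built from the unfiltered file. Nothing visible here refreshes the copy in ${YPDBDIR} when the original changes, so a comment above the rule saying that it is a hand-maintained, filtered copy would help the next administrator.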
314,315c314,315
< netid.time: ${DIR}/passwd ${DIR}/group ${DIR}/hosts ${DIR}/netid
<       -@${MKNETID} -q -d ${DOMAIN} -p ${DIR}/passwd -g ${DIR}/group -h \
---
> netid.time: ${YPDBDIR}/passwd ${DIR}/group ${DIR}/hosts ${DIR}/netid
>       -@${MKNETID} -q -d ${DOMAIN} -p ${YPDBDIR}/passwd -g ${DIR}/group -=
h \
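Review bot: the replacement for line 315 ends in "-=" and continues with "h \" on the following line, which is a quoted-printable soft line break left by the mailer, so this hunk will not apply as posted; rejoin it to "-h \" before feeding the patch to patch(1). Only the passwd prerequisite and the -p argument move to ${YPDBDIR}, while ${DIR}/group, ${DIR}/hosts and ${DIR}/netid stay as they were; that matches the message, which filters only the password files, but a one-line comment in the Makefile stating this is intentional would avoid a later "fix".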
354c354
< ${DIR}/passwd:
---
> ${YPDBDIR}/passwd:
360c360
< ${DIR}/master.passwd:
---
> ${YPDBDIR}/master.passwd:=20
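Review bot: the new target line at 360 ends in "=20", a quoted-printable encoded trailing space; remove it so the line reads "${YPDBDIR}/master.passwd:", since a literal "=20" after the colon changes what make sees on that line. The same applies to the whole patch: it is in plain diff format without file names or context, so it only applies to a Makefile.yp with identical line numbers; a unified or context diff would be more robust.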
--



tschüß,
         Jochen

Homepage: http://www.unixag-kl.fh-kl.de/~jkunz/
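
The filtering step described in the message above (keep only ordinary users in the copies under /var/yp), as an added example that is not part of the original post or of NetBSD's YP Makefile. The UID bounds 1000 and 32000, the function names and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. MIN_UID/MAX_UID are assumed bounds; set them to local policy.
MIN_UID=${MIN_UID:-1000}
MAX_UID=${MAX_UID:-32000}

# filter_users: read passwd(5) or master.passwd(5) lines on stdin and print
# only ordinary-user entries. The UID is field 3 in both formats.
filter_users() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        /^#/ || /^[+-]/      { next }   # comments and NIS compat entries
        NF != 7 && NF != 10  { next }   # not a passwd/master.passwd record
        $3 !~ /^[0-9]+$/     { next }   # malformed UID
        $3 + 0 >= min && $3 + 0 <= max { print }
    '
}

# count_privileged: number of entries on stdin with a UID below MIN_UID.
# Anything placed under /var/yp should give 0 here (root in particular).
count_privileged() {
    awk -F: -v min="$MIN_UID" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 < min { n++ } END { print n + 0 }'
}

# Constructed sample in master.passwd format (hashes are placeholders).
sample_master() {
    cat <<'EOF'
root:PLACEHOLDERHASH0:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
alice:PLACEHOLDERHASH1:1001:100::0:0:Alice:/home/alice:/bin/sh
bob:PLACEHOLDERHASH2:1002:100::0:0:Bob:/home/bob:/bin/sh
nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:0::::::::
EOF
}

# Demo on the constructed sample: only alice and bob are printed.
sample_master | filter_users
```

On a real server the same function would be run as `filter_users < /etc/master.passwd > /var/yp/master.passwd` under `umask 077`, followed by `count_privileged < /var/yp/master.passwd` to confirm the result is 0 before rebuilding the maps.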