Subject: Re: YP (NIS) and NetBSD
To: None <>
From: None <>
List: port-vax
Date: 07/05/1999 22:08:30
On  5 Jul, Aaron J. Grier wrote:

> vipw and add '+:0::::::::' as the last entry.  Also add '+:0::' as the
> last entry to /etc/group.  Then you should be set.
That is the old (pre 1.4) way. It still works but with 1.4 you should
edit /etc/nsswitch.conf. To get the passwd and group databases the file
must contain at least the lines:
group:          files nis
passwd:         files nis
See nsswitch.conf(5) for more details

In a unsecure network environment I HIGHLY recommend to copy
/etc/passwd and /etc/master.passwd to /var/yp and delete all entries
that do not belong to ordinary users. Especial you should delete the
line of the root account. The problem is that the whole
/etc/master.passwd will be exported over the network and every user can
get the encrypted passwds by typing 'ypcat passwd'. A litle bit of crack
and ... To do this you have to modify /var/yp/Makefile.yp. See the patch
< passwd.time: ${DIR}/master.passwd
> passwd.time: ${YPDBDIR}/master.passwd
< netid.time: ${DIR}/passwd ${DIR}/group ${DIR}/hosts ${DIR}/netid
<       -@${MKNETID} -q -d ${DOMAIN} -p ${DIR}/passwd -g ${DIR}/group -h \
> netid.time: ${YPDBDIR}/passwd ${DIR}/group ${DIR}/hosts ${DIR}/netid
>       -@${MKNETID} -q -d ${DOMAIN} -p ${YPDBDIR}/passwd -g ${DIR}/group -=
h \
< ${DIR}/passwd:
> ${YPDBDIR}/passwd:
< ${DIR}/master.passwd:
> ${YPDBDIR}/master.passwd:=20