Subject: Re: pseudo-shadowing of passwords with ypserv?
To: Keith Moore <firstname.lastname@example.org>
From: David Holland <email@example.com>
Date: 10/08/1998 18:14:59
> this will come as no surprise to anyone who is familiar with yp,
> but we're having some trouble with people stealing the password
> file, doing dictionary attacks, and publishing the passwords to
> the net. we're still using yp because we have a very heterogeneous
> environment (sunos, solaris, hpux, irix, linux, digital unix, ultrix,
> netbsd, freebsd, aix), and and we're not aware of any better way
> of distributing passwords to all of the machines, at least not
> without replacing all of the programs that need to read the password
> file. if we have to do that, we'll probably go with kerberos.
> but we'd like to find a drop-in solution.
rdist over ssh? It's not quite drop-in, but it's pretty easy to set up.
(would be nice to get some out-of-the-box support for it though sometime.)
Nothing anyone does to YP will ever really be more than a bandaid.
- David A. Holland | (please continue to send non-list mail to
firstname.lastname@example.org | email@example.com. yes, I moved.)