Subject: Re: pseudo-shadowing of passwords with ypserv?
To: David Holland <firstname.lastname@example.org>
From: Keith Moore <email@example.com>
Date: 10/08/1998 18:33:33
> rdist over ssh? It's not quite drop-in, but it's pretty easy to set up.
> (would be nice to get some out-of-the-box support for it though sometime.)
Copying the passwd file to all hosts doesn't scale very well
for even moderate numbers of users or hosts. It's also a pain
to keep all of the password files current in the presence of host
and network failures, and to deal with each system's different
way of storing shadow password files. And we'd still need
something like yppasswd (with something better than "privileged
ports" for authentication) to let people change their passwords.
> Nothing anyone does to YP will ever really be more than a bandaid.
granted. If I had the luxury of replacing all of the "login" programs
on all of the systems, I'd start with Kerberos and work up from there.
Meanwhile, a bandaid would do a lot to thwart this very common kind of