Subject: Re: securing NetBSD<->Solaris
To: None <>
From: Roger Brooks <>
List: tech-pkg
Date: 08/30/2000 10:25:06
On Wed, 30 Aug 2000, Hubert Feyrer wrote:

>I have some questions about using a set of NetBSD client machines
>(running ~1.5) against a Solaris server (2.6) for file and authentication
>services. The problem is aggravated by the fact that the clients are
>dual-boot PCs (public lab machines - I can hear you scream!). 

> * Authentication: Is there some way to make "ypcat passwd" in NIS
>   not display passwords for normal users? Using NetBSD as a NIS server,
>   this works. And yes, let's ignore the usual problems of NIS for a
>   moment.

Not really.  That's one of the real advantages of NIS+ (along with not
having to push the whole passwd map to propagate a single password change
-- which can take some time if, as we did, you have 20,000 users and
10 NIS replicas on old SparcStation 2 machines).

There is something you can do which will confuse any script kiddies,
but it's so simple that I'll describe it off-line.


Roger Brooks (Systems Programmer),          |  Email:
Computing Services Dept,                    |  Tel:   +44 151 794 4441
The University of Liverpool,                |  Fax:   +44 151 794 4442
PO Box 147, Liverpool L69 3BX, UK           |