Subject: Re: pseudo-shadowing of passwords with ypserv?
To: Keith Moore <moore@cs.utk.edu>
From: David Holland <dholland@cs.toronto.edu>
List: tech-security
Date: 10/08/1998 18:14:59
 > this will come as no surprise to anyone who is familiar with yp,
 > but we're having some trouble with people stealing the password
 > file, doing dictionary attacks, and publishing the passwords to
 > the net.  we're still using yp because we have a very heterogeneous
 > environment (sunos, solaris, hpux, irix, linux, digital unix, ultrix,
 > netbsd, freebsd, aix), and and we're not aware of any better way 
 > of distributing passwords to all of the machines, at least not
 > without replacing all of the programs that need to read the password 
 > file.  if we have to do that, we'll probably go with kerberos.
 > but we'd like to find a drop-in solution.

rdist over ssh? It's not quite drop-in, but it's pretty easy to set up.
(would be nice to get some out-of-the-box support for it though sometime.)

Nothing anyone does to YP will ever really be more than a bandaid.

-- 
   - David A. Holland             | (please continue to send non-list mail to
     dholland@cs.utoronto.ca      | dholland@hcs.harvard.edu. yes, I moved.)