Use shadow like password with NIS on Fedora

Pedro Fernandes Macedo webmaster at margo.bijoux.nom.br
Sat Dec 27 22:39:06 UTC 2003


Qi,

From my experience with NIS authentication, what you want is
impossible. In the university where I work, we're slowly preparing the
machines to use LDAP authentication, as a security measure. We've had
enough problems with NIS, as any user can ypcat passwd and get all
passwords and maybe try to crack them. For this reason, we have a
strict policy regarding passwords and we try to crack weak passwords weekly.
If you want security (at the expense of taking longer to configure the
server), I suggest you use LDAP. Fedora has excellent support for
LDAP auth configuration (using redhat-config-authentication).

Pedro Macedo

> From: "Qi Chen" <qi.chen at jpl.nasa.gov>
> To: <fedora-list at redhat.com>
> Subject: Use shadow like password with NIS on Fedora
> Date: Fri, 26 Dec 2003 17:16:19 -0800
> Reply-To: fedora-list at redhat.com
>
>
> I have just installed Fedora.  I have configured NIS server/client ok.
> However, when I type command 'ypcat passwd', I can see the encrypted
> password in the output, which is no good and is not what I want.  I
> would like to have no encrypted password showing up when I type command
> 'ypcat passwd'.
>
> Then I changed the /etc/nsswitch.conf file with
>
> passwd: compat
> shadow: compat
>
> and modified /etc/ypserv.conf file as follows:
>
> # The following, when uncommented,  will give you shadow like passwords.
> # Note that it will not work if you have slave NIS servers in your
> # network that do not run the same server as you.
>
> # Host                     : Domain  : Map              : Security
> #
> *                        : *       : passwd.byname    : port
> *                        : *       : passwd.byuid     : port
>
> I restarted ypserv and ypbind.  However, the ypcat command still shows
> the shadow password.  I am using ypserv-2.8.3 and glibc-2.3.2-101.
>
> Am I missing anything?  Please help if you know the answer.
>
> -Qi
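
The exposure discussed in this thread (password hashes readable in `ypcat passwd` output) can be checked for mechanically. The following is an added example, not part of the original messages: it classifies the password field of passwd-format lines and reports every account whose field is not a placeholder. The function names, the placeholder set and the sample lines are constructed for illustration.

```python
import re
import sys

# Field values that carry no hash (hash stored elsewhere, or account locked).
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "*NP*"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional 13-character crypt(3)
MCF_RE = re.compile(r"^\$([0-9a-z]+)\$")      # modular crypt format, e.g. $1$ = MD5

def classify(field):
    """Return 'empty', 'placeholder', 'hash:<scheme>' or 'unknown'."""
    if field == "":
        return "empty"
    if field in PLACEHOLDERS:
        return "placeholder"
    # A leading '!' or '*' locks the account, but the hash is still readable.
    body = field.lstrip("!*")
    m = MCF_RE.match(body)
    if m:
        return "hash:$%s$" % m.group(1)
    if DES_RE.match(body):
        return "hash:des"
    return "unknown"

def audit(lines):
    """Return (line_no, user, verdict) for every entry that is not a placeholder."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        # Skip blanks, comments and compat-mode +/- lines from /etc/passwd.
        if not line or line[0] in "#+-":
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((n, None, "malformed"))
            continue
        verdict = classify(parts[1])
        if verdict != "placeholder":
            findings.append((n, parts[0], verdict))
    return findings

# Constructed sample lines in passwd map format (not real accounts or hashes).
SAMPLE = [
    "alice:$1$abcdefgh$0123456789abcdefghijkl:1001:100:Alice:/home/alice:/bin/bash",
    "bob:abCDEFGHIJKLM:1002:100:Bob:/home/bob:/bin/bash",
    "carol:x:1003:100:Carol:/home/carol:/bin/bash",
    "dave::1004:100:Dave:/home/dave:/bin/bash",
]

if __name__ == "__main__":
    # Pipe real map output in (ypcat passwd | python3 thisfile.py) or run on the sample.
    src = SAMPLE if sys.stdin.isatty() else sys.stdin
    for n, user, verdict in audit(src):
        print("line %d: %s -> %s" % (n, user, verdict))
```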






