Focus on Linux
Thread:
NIS with local root - Jan 26 2003 12:28PM - Nicolas Justin (nicolas justin free fr) (1 reply)
Re: NIS with local root - Jan 29 2003 09:25PM - Paulius M. (paulius pit ktu lt) (3 replies)
Re: NIS with local root - Jan 30 2003 09:31AM - Kevin Jackson (kevin jackson genaware com) (4 replies)
Re: NIS with local root - Jan 30 2003 04:47PM - Kevin Jackson (kevin jackson genaware com) (3 replies)
Re: NIS with local root - Jan 31 2003 04:21PM - Brent J. Nordquist (b-nordquist bethel edu) (1 reply)
Re: NIS with local root - Jan 31 2003 07:24PM - Kevin Jackson (kevin jackson genaware com) (3 replies)
> but surely in such a situation where NIS and NFS are employed -- you
> won't be giving out root passwords to normal untrusted users anyway?!
The usual problem is when users have their own machines and want access to
the NFS network. They don't want to give up root on their own machines.
> I know sometimes it can't be avoided in some situations -- if that's the
> case then you may want to look at alternatives - NIS+ was mentioned.
NIS+ is not much more secure than NIS if you have root. In all the
installations I've seen, the only difference is that the NIS+ client won't
let normal users see the encrypted passwords (from "niscat
passwd.org_dir"). Plus, NIS+ support for Linux isn't entirely complete.
The real solution is to get rid of NIS and NFS, and replace them with AFS,
LDAP, and Kerberos. AFS does file access control at a user level, rather
than a host level. That means local root can't get access to your
files[1] -- only AFS admin can do that. The LDAP/Kerberos option means no
more unshadowed passwords floating around the network.
http://www.openafs.org
http://www.openldap.org
http://web.mit.edu/kerberos/www/
All are well supported under Linux (not to mention many other UNIXes, and
even the ability to interact almost seamlessly with Microsoft ADS).
--
[1] Well, he can try to steal your Kerberos credentials if you're logged
in to the machine, but he can't just "su".
[ t charles clancy ]--[ tclancy (at) uiuc (dot) edu ]--[ www.uiuc.edu/~tclancy ]
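Two of the weaknesses the reply above turns on can be checked from the command line: whether the NIS passwd map hands real password hashes to every client host, and whether an NFS export lets a client's root stay root. The script below is an added example for this archive page, not code from any of the posters; the passwd-map dump and /etc/exports contents are constructed samples, and the function names are mine. It also notes the point the reply makes implicitly: even with root_squash, AUTH_SYS NFS still trusts whatever UID the client kernel presents, so a local root can su to any user and read that user's files, whereas AFS grants access per authenticated user.

```shell
#!/bin/sh
# Added example: audit helpers for the two NIS/NFS weaknesses discussed in
# the thread. Inputs are passed as strings so the checks run offline.

# Constructed sample of `ypcat passwd` output (not from a real system).
SAMPLE_PASSWD_MAP='alice:$1$Qz7eXk2B$abcdefghijklmnopqrstuv:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/bash
carol:*:1003:100:Carol:/home/carol:/sbin/nologin
dave:AbC123xyz9876:1004:100:Dave:/home/dave:/bin/sh'

# Constructed /etc/exports (not from a real system).
SAMPLE_EXPORTS='# shared home directories
/home        10.0.0.0/24(rw,sync,no_root_squash)
/home/shared @lab(rw,sync,root_squash)
/pub         *(ro,all_squash)'

# Print the login names whose password field holds a real hash rather than a
# shadow marker ("x"), a disabled account ("*"), or a locked hash ("!...").
# In a NIS passwd map every client host can read these, so any user, or a
# local root on their own box, can carry the hashes off and crack them.
nis_exposed_hashes() {
    printf '%s\n' "$1" | awk -F: '
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }'
}

# Print the export paths whose options include no_root_squash, i.e. a client
# root is honoured as uid 0 on the server. Note that root_squash only remaps
# uid 0: with AUTH_SYS the server still believes the UID the client asserts,
# so a client root can "su user" and read that user's files regardless.
nfs_root_trusting_exports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 2; i <= NF; i++)
                if ($i ~ /no_root_squash/) { print $1; break }
        }'
}

# Run the checks against the constructed samples when executed directly.
echo "NIS accounts with readable hashes:"
nis_exposed_hashes "$SAMPLE_PASSWD_MAP"
echo "NFS exports with no_root_squash:"
nfs_root_trusting_exports "$SAMPLE_EXPORTS"
```

On a live NIS client the same functions take real data: `nis_exposed_hashes "$(ypcat passwd)"` on any client, and `nfs_root_trusting_exports "$(cat /etc/exports)"` on the server. An empty first list means the hashes are at least not in the public map; it does not change the host-level trust model, which is the reply's reason for recommending AFS and Kerberos instead.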