YP/NIS on BSDI

YP/NIS on BSDI

Post by Asafs Frae » Tue, 25 Nov 1997 04:00:00



hi,

If anybody knew how to config yp/nis
that povided by Linux on BSDI.
I love to he hear about it.

asafs

 
 
 

YP/NIS on BSDI

Post by Asafs Frae » Tue, 25 Nov 1997 04:00:00


Dear sir.

I read your NIS-HOWTO. and I want to ask you for advice.

As you know BSDI has the YP client option, BUT don't have the YP server
option. so ... I try to compile the 'ypserv-1.1.7' on BSDI.

During the complition process I have some problam that I solve:
1) I have to compile also the GDBM package.
2) I have 23 fuction that have 'multply defantion' error.
   That error mins that the fanction define twice. Once in 'libc' and
   once in 'ypserv-1.1.7' package. So I changed the name of the fanction
   in the 'ypserv-1.1.7' package. by adding th line :
         "-D(func)=(my_func)"
  to the Makefile.

So .. In the end I finish the compailtion process.

I configur every thing. and the 'rpcinfo' seems to work well.
I run the 'ypserv' demon, it's also run well. (-:

I want to my cliant (whit linux OS), and I run the 'ypbind'
demon, it's also run well. and the 'rpcinfo' also  seems to work well.
(-:
But whan I try to run the 'ypcat passwd' it stop and didn't response.
)-:

So what to you think about it ? ?-:
I where do you think is the problam ? ?-:

I will be grateful If you can send me back some advices.

Asaf Spaniier.
E-mail: asafs.cd.huji.ac.il

 
 
 

1. Reasonable nis security between Solaris & Linux (was Re: Is nis (yp) a security worry?

My original question was basically a "should I worry" concerning Solaris
sending encrypted passwords via nis to PC's running Linux.  The response I
got was that I should worry, e.g. about spoofing and ypcat passwd. The full
answer seems more complicated - ypcat passwd doesn't return the encrypted
passwords (rather "*" or "*NP*") for the two systems I looked at, and the
shadow file isn't in the "compatibility" list for nis+ under Solaris 2 so it
a question of yp make cobbling together the passwd and shadow file information to
make one backwards-compatible yp file.

But all this does seem to depend on the setup, and of course doesn't get me
any closer to some method of getting encrypted password to Linux clients, who
should have at least the level of security of the Solaris host from which the
passwords are kept - i.e. the /etc/shadow file is not world-readable there
so it shouldn't be readable (via ypcat or whatever) on the clients.

This *must* be something people have solved before?  I cannot run nis+ (some
of the clients, such as Linux, Sunos 4.x cannot run that), I cannot run Novell's
NDS on Solaris yet (even though Linux supports it) - besides I'm not sure that
sort of thing is what I want, and being outside the US some security options
are limited anyway.

I am scared of reducing the security of the main system with Linux satellites;
but I appreciate that "reasonable" security is always a compromise, and that
having the encrypted paswords available to Joe User is only a problem if people
choose crackable passwords anyway.  What is appropriate for the situation isn't
ultra-high security anyway, e.g. the main worry would be if academic staff's
home directories were readable (due to their encrypted passwords being distributed
to lots of computers they probably will never use) and therefore having to redo
some exam questions.  Not that I expect the students will try to break the security
but the new Linux systems are a sensitive issue and I don't want people to *fear*
them as a security loophole.

Perhaps the answer is nis 1.2 on the server, with restricted distribution of
all (? or some??) of these passwords to hosts based on IP or subnet. Again, has
anybody done this already and lived to tell the tale?
--
-------------------------------------------------------------------------------
Mark Aitchison, Physics & Astronomy   \_  Phone : +64 3 3642-947 a.h. 3371-225
University of Canterbury,             </  Fax   : +64 3 3642-469  or  3642-999

#include <disclaimer.std>           (/'
-------------------------------------------------------------------------------

2. AlphaStation 2/266 dead?

3. NIS, NIS+, named, yp, ...

4. Critical "Times" article on Linux

5. Nis+ and NIS (YP) compatibility

6. Amaya 1.0b and Apache 1.2.0

7. NIS+ under NIS(YP) Rootmaster or just Master

8. Logitech mouse and X

9. NIS yp compat mode, participating in NIS+ hierarchy, limitations?

10. serving NIS to BSDI: netgroup problem

11. NIS (yp)

12. YP/NIS advice?

13. How to use yp (NIS) functions?