This has been an annoying, ongoing problem:
I am currently looking at implementing NIS+ within our organization but I seem to be having
problems getting clear information regarding the security benefits/restrictions with using NIS+.
The main reference book I've been using is Ramsey's "All About Administering NIS+". It's
written clearly but organized horribly (IMHO)! I've also been using O'Reilly's "Practical UNIX
Security" as an introduction to aspects of encryption (DES as implemented by Secure RPC).
I've been under the impression that, within an NIS+ namespace, principals with DES credentials
can remotely log in to other NIS+ clients/servers without transmitting their password across the
Ethernet. So far, when I've SNOOPED the segment where these machines are located I've seen
passwords transmitted in cleartext! Am I misunderstanding the 'benefits' of Secure RPC and NIS+
or am I not configuring my clients and servers correctly? My ultimate goal is encryption of, at
least, the login aspect of a telnet session.
If anyone has any info on this, please send me your knowledge! I've spent too many hours finding
a void on this subject!
I will summarize all responses I get.
TIA
David Shattuck