NIS+ security questions/configuration

NIS+ security questions/configuration

Post by David Shattuc » Sat, 23 Mar 1996 04:00:00



This has been an annoying, ongoing problem:

I am currently looking at implementing NIS+ within our organization but I seem to be having
problems getting clear information regarding the security benefits/restrictions with using NIS+.
 The main reference book I've been using is Ramsey's "All About Administering NIS+".  It's
written clearly but organized horribly(IMHO)!  I've also been using O'Reilly's "Practical UNIX
Security" as an introduction into aspects of encryption (DES as implemented by Secure RPC).

I've been under the impression that, within an NIS+ namespace, principals with DES credentials
can remotely login to other NIS+ clients/servers without transmitting their password across the
Ethernet.  So far, when I've SNOOPED the segment where these machines are located I've seen
passwords transmitted in cleartext!  Am I misunderstanding the 'benefits' of Secure RPC and NIS+
or am I not configuring my clients and servers correctly?  My ultimate goal is encryption of, at
least, the login aspect of a telnet session.

If anyone has any info on this, please send me your knowledge!  I've spent too many hours finding
a void on this subject!

I will summarize all responses I get.

TIA

David Shattuck

 
 
 

NIS+ security questions/configuration

Post by Andreas Meist » Sat, 23 Mar 1996 04:00:00


: I've been under the impression that, within an NIS+ namespace, principals with DES credentials
: can remotely login to other NIS+ clients/servers without transmitting their password across the
: Ethernet.  So far, when I've SNOOPED the segment where these machines are located I've seen
: passwords transmitted in cleartext!  Am I misunderstanding the 'benefits' of Secure RPC and NIS+
: or am I not configuring my clients and servers correctly?  My ultimate goal is encryption of, at
: least, the login aspect of a telnet session.
:
DES Credentials are only valid in the homedomain of a principal, so if you
log in to another domain, no DES authentication can take place. (NIS+
uses only local credentials).

But anyway, NIS+ is a *name service* and not a crypting software. The primary
goal of the security stuff in NIS+ (secure RPC) is to provide authentication
(are you really the one you pretend to be?). Telnet and rlogin are not
implemented on top of secure RPC, so no wonder you may snoop passwords!

There are several secure implemetations of telnet and also 'ssh' (secure
shell) which may rather be what you are looking for.

Andreas

--
___________________________________________________________________________
Andreas Meister, Union Bank of Switzerland, Lausanne, Switzerland

phone: +41 21 702 88 23________here's one straight from the factory________

 
 
 

1. Reasonable nis security between Solaris & Linux (was Re: Is nis (yp) a security worry?

My original question was basically a "should I worry" concerning Solaris
sending encrypted passwords via nis to PC's running Linux.  The response I
got was that I should worry, e.g. about spoofing and ypcat passwd. The full
answer seems more complicated - ypcat passwd doesn't return the encrypted
passwords (rather "*" or "*NP*") for the two systems I looked at, and the
shadow file isn't in the "compatibility" list for nis+ under Solaris 2 so it
a question of yp make cobbling together the passwd and shadow file information to
make one backwards-compatible yp file.

But all this does seem to depend on the setup, and of course doesn't get me
any closer to some method of getting encrypted password to Linux clients, who
should have at least the level of security of the Solaris host from which the
passwords are kept - i.e. the /etc/shadow file is not world-readable there
so it shouldn't be readable (via ypcat or whatever) on the clients.

This *must* be something people have solved before?  I cannot run nis+ (some
of the clients, such as Linux, Sunos 4.x cannot run that), I cannot run Novell's
NDS on Solaris yet (even though Linux supports it) - besides I'm not sure that
sort of thing is what I want, and being outside the US some security options
are limited anyway.

I am scared of reducing the security of the main system with Linux satellites;
but I appreciate that "reasonable" security is always a compromise, and that
having the encrypted paswords available to Joe User is only a problem if people
choose crackable passwords anyway.  What is appropriate for the situation isn't
ultra-high security anyway, e.g. the main worry would be if academic staff's
home directories were readable (due to their encrypted passwords being distributed
to lots of computers they probably will never use) and therefore having to redo
some exam questions.  Not that I expect the students will try to break the security
but the new Linux systems are a sensitive issue and I don't want people to *fear*
them as a security loophole.

Perhaps the answer is nis 1.2 on the server, with restricted distribution of
all (? or some??) of these passwords to hosts based on IP or subnet. Again, has
anybody done this already and lived to tell the tale?
--
-------------------------------------------------------------------------------
Mark Aitchison, Physics & Astronomy   \_  Phone : +64 3 3642-947 a.h. 3371-225
University of Canterbury,             </  Fax   : +64 3 3642-469  or  3642-999

#include <disclaimer.std>           (/'
-------------------------------------------------------------------------------

2. AGP and Linux.

3. NIS/NIS+ security

4. audio cds

5. NIS/NIS+ password security without user keypairs -- how ???

6. Wanted: slip or ppp for Linux

7. NIS -> NIS+ migration and login security

8. PCI bus interchangeable on X86/PPC systems?

9. Linux nis client with solaris nis server in C2 security mode

10. NIS problem on multivendor nis configuration

11. NIS Configuration Questions

12. NIS and security questions

13. NIS and Security Questions