NIS+ users can read shadow from nis+ passwd table


Post by Matus.Uh.. » Mon, 06 Sep 1999 04:00:00



Hello,

I set up NIS+ on my Sun and I can read shadow columns from passwd table.
Did I make some mistake? I also can read users' crypted passwords and they
can do the same.

--
 Matus "fantomas" Uhlar, network manager at faculty of civil engineering
 of Technical University in Kosice, Slovakia

 
 
 


Post by Neil W Ricker » Mon, 06 Sep 1999 04:00:00



>I set up NIS+ on my Sun and I can read shadow columns from passwd table.
>Did I make some mistake? I also can read users' crypted passwords and they
>can do the same.

You can change to more restrictive column permissions to prevent
this.

The output of 'niscat -o passwd.org_dir' shows what I am using (with
Solaris 7 and Solaris 2.5.1):

        [1]     Name          : passwd
                Attributes    : (TEXTUAL DATA)
                Access Rights : ----r-----------

With older versions of Solaris, you might also need the 'm'
permission for the owner.  You should be able to change column
permissions with 'nistbladm'.
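
The column-permission check suggested above, as an added example that is not part of the original posts: it reads 'niscat -o passwd.org_dir' output and reports whether the passwd and shadow columns are readable by the nobody or world class. It assumes the 16-character NIS+ rights layout (nobody, owner, group, world) and that column rights add to table-level rights, so a table that grants world read exposes every column; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example. Usage on a NIS+ host: niscat -o passwd.org_dir | audit_passwd_table
# Rights strings are 16 chars: nobody, owner, group, world (4 chars each, "rmcd").
# Assumption: effective read access = table-level rights OR column-level rights.
audit_passwd_table() {
  awk '
    $1 ~ /^\[[0-9]+\]$/ && $2 == "Name" { col = $NF; next }
    $1 == "Access" && $2 == "Rights" {
      r = $NF
      if (col == "") { tbl = r; next }   # first rights line belongs to the table
      if (col != "passwd" && col != "shadow") next
      who = ""
      if (substr(tbl, 1, 1) == "r" || substr(r, 1, 1) == "r")   who = who " nobody"
      if (substr(tbl, 13, 1) == "r" || substr(r, 13, 1) == "r") who = who " world"
      if (who != "") { print col ": readable by" who; bad = 1 }
    }
    END { exit bad + 0 }                 # non-zero exit when a column is exposed
  '
}

# Constructed sample: column rights look tight, but the table grants world read.
sample_loose() {
cat <<'EOF'
Object Name   : passwd
Access Rights : ----rmcdrmcdr---
Object Type   : TABLE
Columns       :
        [0]     Name          : name
                Attributes    : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
                Access Rights : r---------------
        [1]     Name          : passwd
                Attributes    : (TEXTUAL DATA)
                Access Rights : ----r-----------
        [7]     Name          : shadow
                Attributes    : (TEXTUAL DATA)
                Access Rights : ----r-----------
EOF
}

# Constructed sample: same table with world read removed at table level.
sample_strict() { sample_loose | sed '2s/r---$/----/'; }
```

On the loose sample both columns are reported as readable by world even though their own rights are owner-only, which is why the table-level rights need checking along with the columns.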

 
 
 


Post by Greg Andre » Tue, 07 Sep 1999 04:00:00



>Hello,

>I set up NIS+ on my Sun and I can read shadow columns from passwd table.
>Did I make some mistake? I also can read users' crypted passwords and they
>can do the same.

Do the things Neil Rickert said, and also make sure that nscd on
the client machines is being invoked with the correct '-S' arguments.
Without those arguments, nscd may retrieve data visible to root and
return it to client processes that haven't authenticated as root.
See the /etc/init.d/nscd startup script for a little more info about
the '-S' arguments.

  -Greg

 
 
 

1. Q: Propagating /etc/shadow to NIS+ passwd table

Any help with the following problem would be greatly appreciated.

The NIS+ passwd table contains a 'shadow' column for each entry, according
to the documentation I have, but said docs say nothing about propagating
the actual /etc/shadow file into that column.  I did use nisaddent to
enter all the other necessary information from /etc/passwd, but the
only way I see to fill the shadow column is by hand-entering the encrypted
passwds or using awk and a script to call nisaddent -m on each entry.

Calling 'nisaddent -m -f /etc/shadow passwd' doesn't work, and produces
parse errors for every line.  "No gcos line."

There must be an easier facility for this task, can someone help me and
point it out?  ( 2.3 NIS+ on a SparcClassic )

thanks, and happy holidays,
dave
__________________________________________________________________
 Dave Hillman     Biological Sciences Division Academic Computing
