I believe that NIS+ fixes this. For Solaris 2.x with NSKit 1.2, you canQuote:>How can I fix the security hole where you can "ypcat passwd" as a normal
>user and get the encrypted password? Should I take ypcat away from
>normal users? Does NIS+ fix this?
get an effect similar to C2secure on SunOS 4.1.x by setting PWDIR to
something like /var/yp in /var/yp/Makefile, putting a passwd file there
in the old SunOS style (i.e. user:##user:...), and putting passwd.adjunct
in $(PWDIR)/security/passwd.adjunct. Then, only root on the NIS clients
can 'ypcat passwd.adjunct'. That's not too secure either, I know...
Dr. Rick Perry, ECE Department, Villanova University, Villanova, PA 19085
610-519-4969, fax: 610-519-4436, hm: 610-259-8734