SECURITY: ypcat passwd

SECURITY: ypcat passwd

Post by Rick Per » Wed, 17 Jul 1996 04:00:00




Quote:>How can I fix the security hole where you can "ypcat passwd" as a normal
>user and get the encrypted password?  Should I take ypcat away from
>normal users?  Does NIS+ fix this?

I believe that NIS+ fixes this.  For Solaris 2.x with NSKit 1.2, you can
get an effect similar to C2secure on SunOS 4.1.x by setting PWDIR to
something like /var/yp in /var/yp/Makefile, putting a passwd file there
in the old SunOS style (i.e. user:##user:...), and putting passwd.adjunct
in $(PWDIR)/security/passwd.adjunct.  Then, only root on the NIS clients
can 'ypcat passwd.adjunct'.  That's not too secure either, I know...


Dr. Rick Perry, ECE Department, Villanova University, Villanova, PA 19085
610-519-4969, fax: 610-519-4436, hm: 610-259-8734

 
 
 

SECURITY: ypcat passwd

Post by Noahal A. Mun » Wed, 17 Jul 1996 04:00:00


How can I fix the security hole where you can "ypcat passwd" as a normal
user and get the encrypted password?  Should I take ypcat away from
normal users?  Does NIS+ fix this?

Thanks for your help.

Regards,

Noahal
---------------------------------------------------

| Rapid Systems Solutions | Jacksonville, Florida |  
---------------------------------------------------

 
 
 

SECURITY: ypcat passwd

Post by Charles Stephen » Wed, 17 Jul 1996 04:00:00


 NM> How can I fix the security hole where you can "ypcat passwd" as a
 NM> normal user and get the encrypted password?  Should I take ypcat
 NM> away from normal users?  Does NIS+ fix this?

Taking away a user command just invites someone to ftp a copy of it
from somewhere else.

NIS+ is designed with this in mind.  Even if you are root on a NIS+
client, you can not browse the encrypted password field inside the
password table.

cfs
--

Software Engineer (I think)        = "And thus spake the great lawyers:
SunSoft, a SMI Business            =  thou shall not speaketh for Sun or its
Menlo Park, California, USA        =  subsidaries, and disclaim all information
                                   =  hereforth, so they sue you, not us."
Spitting is strictly prohibited.   = THIS SPACE FOR SUBLEASE, reasonable rates.

 
 
 

SECURITY: ypcat passwd

Post by Doug Hugh » Thu, 18 Jul 1996 04:00:00



|> >How can I fix the security hole where you can "ypcat passwd" as a normal
|> >user and get the encrypted password?  Should I take ypcat away from
|> >normal users?  Does NIS+ fix this?
|>
|> I believe that NIS+ fixes this.  For Solaris 2.x with NSKit 1.2, you can
|> get an effect similar to C2secure on SunOS 4.1.x by setting PWDIR to
|> something like /var/yp in /var/yp/Makefile, putting a passwd file there
|> in the old SunOS style (i.e. user:##user:...), and putting passwd.adjunct
|> in $(PWDIR)/security/passwd.adjunct.  Then, only root on the NIS clients
|> can 'ypcat passwd.adjunct'.  That's not too secure either, I know...

There are steps you can take to secure NIS from this sort of attack.
However, it's a rather holistic process. You need to setup shadow passwords,
install ypserv patches, preferably install portmap/rpcbind patches, and
you should setup a router filter as well. I have it all documented at
http://www.eng.auburn.edu/users/doug/nis.html if you're interested

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University

 
 
 

SECURITY: ypcat passwd

Post by Bruce Barnet » Thu, 18 Jul 1996 04:00:00



Quote:> How can I fix the security hole where you can "ypcat passwd" as a normal
> user and get the encrypted password?  Should I take ypcat away from
> normal users?  

This doesn't prevent the threat. There are dozens or replacement
packages for ypcat that any hacker can download and compiler.

--

 
 
 

1. ypcat passwd and ypcat hosts

when I log into an NIS client as a regular user, I can do

ypcat passwd

and get a list of all users

but

ypcat hosts gives:

No such map hosts.byname. Reason: No such map in server's domain

also ypcat anything gives the same message but passwd.

Why?

2. Linux Based NC and Wine

3. nis ypcat passwd error

4. Help me. Please help me.

5. hiding encrypted password in ypcat passwd

6. getting start WinME + Redhat 7.1

7. ypcat passwd command

8. more IDE/ATAPI controllers?

9. ypcat passwd.adjunct.byname

10. user can't ypcat passwd, but root can

11. "YPCAT PASSWD" not receiving a response from the server.

12. ypcat passwd

13. Apache authentication from ypcat passwd