Root passwd with NIS ??

Root passwd with NIS ??

Post by Laurent PERROTO » Fri, 10 Nov 1995 04:00:00



I have 3 questions :

1) Pros and cons to put passwd account in NIS
database instead of /etc/passwd ??

2) If root account is in /etc/passwd, how does root
change its passwd ?? Am I right to think that I have to
modify ALL of  the /etc/passwd of EACH workstation (either
manually or with a script...) ?

3) Is there an FAQ for this group ? if so, where can I get it inEUROPE ?

Please answer me by email as I dont have a regular acess to the news.

Thanks folks,

LP

 
 
 

Root passwd with NIS ??

Post by Tim Irvi » Sat, 11 Nov 1995 04:00:00




> Don't put root's password in NIS.  What if NIS or your network is down?
> How are you going to log in as root?

Actually, in the O'Reilly Nutshell book _Managing NFS and NIS_, Hal Stern
offers another possible solution:

You could have two "root" users:  root and "lroot" (or local root).  The
"root" password would be controlled by NIS; the lroot users would not be
controlled by NIS but also have a UID of 0.  That way, if NIS comes down
or becomes unusable, you can still log in as lroot.  This has one other
possible benefit--if you have users whom you want to give root access for
*one* machine, but not system-wide, then giving them the "lroot" password
and not the root password could accomplish that.

Of course, I still wouldn't want to give it to anyone unless they were
willing to be on call...and I'm wary of having more than one UID 0 as well.

--
Tim Irvin, Iridium System Administration and Configuration Management
Lockheed Martin Missiles and Space, Sunnyvale, California

********** all standard disclaimers apply **********

 
 
 

Root passwd with NIS ??

Post by Michael Haard » Mon, 13 Nov 1995 04:00:00




> > I have 3 questions :

> > 1) Pros and cons to put passwd account in NIS
> > database instead of /etc/passwd ??

> > 2) If root account is in /etc/passwd, how does root
> > change its passwd ?? Am I right to think that I have to
> > modify ALL of  the /etc/passwd of EACH workstation (either
> > manually or with a script...) ?

> Don't put root's password in NIS.  What if NIS or your network is down?
> How are you going to log in as root?

Someone correct me if I am wrong, but isn't is very unsafe to manage
passwords with NIS at all, as anybody who knows your NIS domain could
retrieve all NIS maps?  Either you can guess the NIS domain, because
many people use their DNS domain, or you can ask bootparamd if there is
one running.

Michael
--
Twiggs and root are a wonderful tree (tm) Twiggs & root 1992 :-)
d? H- s(+)/(-) g! au a- w+ v(---) C++(+++) UL++++S++++$?++++ L++ 3 E-

 
 
 

Root passwd with NIS ??

Post by Dillon Pyr » Wed, 15 Nov 1995 04:00:00




>> I have 3 questions :

>> 1) Pros and cons to put passwd account in NIS
>> database instead of /etc/passwd ??

>> 2) If root account is in /etc/passwd, how does root
>> change its passwd ?? Am I right to think that I have to
>> modify ALL of  the /etc/passwd of EACH workstation (either
>> manually or with a script...) ?

>Don't put root's password in NIS.  What if NIS or your network is down?
>How are you going to log in as root?

Exactly.  So I wrote a small script that plucks the entire entry for root from
one machine (on which I have changed the password) and uses remshell from that
machine to "edit" the passwd files on all of the other machines.

Easy enough to do, a little bit of a security hole if your total envrionment is
not real secure (prone to spoofing, etc).

dillon

 
 
 

1. Changing nis+ root passwd

Hi there,

I want to change the root password for nis+ master servers, replicas, and
clients

Here are the steps that I will do, but I am not sure if I missing something:

1 - on each nis+ server, replica, and client:

        a - # /bin/passwd root

        b - # chkey -p
            Updating nisplus publickey database.

   *        Please enter the Secure-RPC password for root: "old password"
            Please enter the login password for root: "new password"

            * Does the "old root password" go here ??.

        c - # keylogin -r
            Password: "new password"
            Wrote secret key into /etc/.rootkey

I want to make sure that these steps are 100% right before I implement
them. (I do not want to mess the nis+ domains).

I will appreciate your feedback.
--

Thank you.

-Bassem
-----------------------------------------------------
Bassem Zahabi                      |    
Unix Systems Administrator         |
Open Systems Group - ITD           | PH: 404-727-1171
Emory University                   | FX: 404-727-2599
Atlanta, Georgia 30322             |

------------------------------------------------------

2. NTFS/RedHat 7.3

3. NIS bypassing local /etc/passwd for root

4. Diamond Cards & new systems

5. NIS+ and changing root passwd

6. JFS magic numbers -HELP

7. problem with NIS+ root passwd change

8. Italians Unix developers

9. root nis+ passwd to change

10. Root passwd on the NIS master

11. Root can't change NIS+ creds using passwd command

12. change passwd by root in nis

13. Simple NIS+ root passwd question