NIS+ encryption? NIS+ expert needed


Post by jp2.. » Fri, 15 Sep 2000 04:00:00



Hello,

 I installed NIS+ on a few boxes and afterwards decided I would check out the
encryption that this product is touted for. I logged into a client machine
and, at the same time, snooped the root master with the -x option to see
all the ASCII text, and I saw a lot of clear text about what looked like the
NIS+ transaction. Where does the Diffie-Hellman encryption come into play?
Am I missing something?

 Any comments are welcome.

 J. Phaneuf


 
 
 


Post by Akop Pogosia » Mon, 18 Sep 2000 04:00:00



> Hello,
> I installed NIS+ on a few boxes and afterwards decided I would check out the
> encryption that this product is touted for. I logged into a client machine
> and, at the same time, snooped the root master with the -x option to see
> all the ASCII text, and I saw a lot of clear text about what looked like the
> NIS+ transaction. Where does the Diffie-Hellman encryption come into play?
> Am I missing something?

As far as I understand, when you log in, the client machine, assuming
that your unix and secure RPC passwords are the same, fetches your
encrypted private key from the cred table. The key is decrypted with
your secure RPC password, then the client machine encrypts a
time-stamp with your private key and server's public key. When the
server receives it, it decrypts the timestamp using a combination of
its own private key and your public key. If the decrypted timestamp is
within the reasonable time window with respect to the current system
time you are authenticated for all secure RPC transactions. Then the
process is reversed (the server encrypts a time stamp and sends it to
client).  That's the only time when Diffie-Hellman encryption comes
into play. Secure RPC is used -only- for authentication purposes, all
other communication (all data transfers, NFS file access) between
client and server is still done in clear text.

If your secure RPC password (password used to encrypt your private key
stored in the cred table) is not the same as your unix password then
you will not be authenticated against NIS+ server and you'd have to
explicitly run "keylogin" program.

Akop
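
The exchange described in the reply above, as an added Python sketch that is not from the thread or from any Secure RPC implementation: both sides derive the same Diffie-Hellman common key, only the timestamp verifier is protected, and the request body stays readable on the wire. Assumptions: the group (a 127-bit Mersenne prime, base 3), the 60-second window, the sample request string and all function names are constructed for illustration, and an HMAC-SHA256 pad and tag stand in for the DES step.

```python
import hashlib, hmac, secrets, struct

# Constructed toy group (assumption), not the modulus Secure RPC uses.
P, G = 2**127 - 1, 3
WINDOW = 60  # accepted clock skew in seconds (assumed value)

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def common_key(my_priv, their_pub):
    # Each side combines its own private key with the peer's public key.
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def _pad(key, nonce):
    return hmac.new(key, b"pad" + nonce, hashlib.sha256).digest()[:8]
def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal_timestamp(key, ts):
    # Stand-in for the DES step: XOR pad plus MAC, both keyed by the common key.
    nonce = secrets.token_bytes(8)
    ct = bytes(a ^ b for a, b in zip(struct.pack(">Q", ts), _pad(key, nonce)))
    return nonce + ct + _tag(key, nonce, ct)  # 8 + 8 + 32 = 48 bytes

def open_timestamp(key, blob, now):
    nonce, ct, tag = blob[:8], blob[8:16], blob[16:48]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return False  # wrong key or tampered verifier
    ts = struct.unpack(">Q", bytes(a ^ b for a, b in zip(ct, _pad(key, nonce))))[0]
    return abs(now - ts) <= WINDOW  # reject timestamps outside the window

def rpc_call(client_priv, server_pub, payload, now):
    # Only the verifier is protected; the payload is appended unchanged.
    return seal_timestamp(common_key(client_priv, server_pub), now) + payload

def demo():
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    now = 969000000  # constructed timestamp
    wire = rpc_call(c_priv, s_pub, b"nis_lookup passwd.org_dir", now)
    server_key = common_key(s_priv, c_pub)
    fresh = open_timestamp(server_key, wire[:48], now + 5)
    stale = open_timestamp(server_key, wire[:48], now + 3600)
    return fresh, stale, wire[48:]

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is the request exactly as sent, which is what a packet capture on the server shows even though authentication succeeded.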

 
 
 
