Bugtraq mailing list archives
Re: Obtaining NIS domainname from Gatorbox
From: tfs () vampire science gmu edu (Tim Scanlon)
Date: Thu, 13 Apr 95 20:21:33 -0400
der Mouse wrote:
Maybe a good reason to join the crowd and not run NIS?I wish. It's clear to me that NIS is a big problem. But what else is out there? We have a definite need to share passwd databases across many machines, from multiple vendors, none of which we have source code to. How close to a solution can we get?
There's also NeXT Inc's Netinfo. It's been ported to all sorts of other platforms by a company called xedoc.com (I think it's xedoc.com.au, as they're down under.) I would reccomend taking a serious look at it as an alternate. It has more security to it than standard NIS hands down. And it's a hell of alot easier to administer than either NIS or NIS+, and is far, far more flexible. I've worked extensivly with both, and allthough I will readily admit I prefer the NeXT GUI and other aspects of it over SunOS, I'm still objective enough to realize that there are areas an applications where on OS is going to be better than another for certain things. (Like if I'm going to do graphics, I'd prefer an SGI over most anything else out there) Basicly what I'm trying to say is while I belive I'm being very, very objective about my opinions on it, don't take my word for it, check it out on your own in depth. By no means is it "NIS" but it performs all the same functions, plus alot more. I think there may be aspects of NIS+ that might be a bit better, like encrypted transfer of password maps, but I havn't had the same level of experience with NIS+ so I don't want to get into comparison there. I would reccomend it completly as being worthy of serious consideration as an alternate to NIS, especially in a multivendor enviornment that would preclude running NIS+ at all or easily. The Xedoc product supports a wide variety of vendors systems too. So that's a big plus. One of the best things I can say for it is, I've never heard of anyone using, making, or otherwise grabbing a password map from netinfo from a totaly alien machine... If anyone's heard of this being done, I'd love to hear how & under what circumstances. I'm not saying it's not possible, but I've seen netinfo frustrate more than one hacker, even when they got on a machine using it via other means. Tim ________________________________________________________________ tfs () vampire science gmu edu (NeXTmail, MIME) Tim Scanlon George Mason University (PGP key avail.) Public Affairs I speak for myself, but often claim demonic posession
Current thread:
- Obtaining NIS domainname from Gatorbox, (continued)
- Obtaining NIS domainname from Gatorbox Phrack Magazine (Apr 10)
- Re: Obtaining NIS domainname from Gatorbox der Mouse (Apr 12)
- Re: Obtaining NIS domainname from Gatorbox Dave Horsfall (Apr 12)
- NCSA security holes Dr. Frederick B. Cohen (Apr 13)
- Re: Obtaining NIS domainname from Gatorbox Luke Mewburn (Apr 14)
- Re: Obtaining NIS domainname from Gatorbox Matt T. Mannhardt (Apr 14)
- Hesiod (was Re: Obtaining NIS domainname from Gatorbox) Dave Horsfall (Apr 17)
- Re: Obtaining NIS domainname from Gatorbox npc () minotaur jpl nasa gov (Apr 14)
- Re: Obtaining NIS domainname from Gatorbox Jas (Apr 15)
- Re: Obtaining NIS domainname from Gatorbox Dave Horsfall (Apr 12)
- Re: Obtaining NIS domainname from Gatorbox Julian Assange (Apr 20)
- Re: Obtaining NIS domainname from Gatorbox Michel Lavondes (Apr 24)
- Re: Obtaining NIS domainname from Gatorbox Matthew Bontoft (Apr 25)
- Re: Obtaining NIS domainname from Gatorbox Dave Dittrich (Apr 26)