Bugtraq mailing list archives
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 12 Apr 1995 19:03:32 -0400
Gatorboxes are shipped without a user password set. [...] The user account can't change anything, but [...] [f]or example, if you have the GatorShare software running using NIS authentication, it will freely tell you what the NIS domainname is.What's wrong with knowing one's NIS domainname?
One's own domainname, nothing. But someone else knowing your domainname gives that someone a significant edge when it comes to breaking in to your machines.
Maybe a good reason to join the crowd and not run NIS?I keep hearing people say this about NIS.
Deservedly, IMO.
However, when one is running a lot of systems (including PC-NFS clients) it is fantastically easy to [adminster]
Yes, it is. It's also a sieve in many respects when it comes to security. Lots of easy-to-administer setups are.
For the moment, I have a client running NIS (not this one) and I have their router set up to not pass RPC services from the net (to the port for SunRPC). So far, this seems to be OK.
You (or they) are lucky, so far.
Are there problems with this?
Yes. Blocking port 111 is not enough; it is far too easy to just fire NIS requests at every port number in the appropriate range - there are only a few thousand of them. If you're running a mostly stock setup, one can almost predict the port NIS will use a priori. Unfortunately there's not much to be done about it, unless you're willing to replace your yp daemons.
Is there a "better" NIS [...]
I'd be interested in hearing about any such. I'm almost ready to try my hand at writing one myself, but so far the perceived need has not yet been sufficient to make me allocate the time. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 12)
- <Possible follow-ups>
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 12)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Timothy Newsham (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Dale Babiy (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Benjamin Cline (Apr 15)
- Obtaining NIS domainname from Gatorbox Dennis Glatting (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Jon Peatfield (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Andreas Siegert (Apr 17)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Bob Beck (Apr 18)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Terje Normann Marthinussen (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)