[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: =?Windows-1255?b?5PDj5e8=?= : Re : What did I do right?




On Wed, 6 Oct 1999 Isaac_Aaron/Azorim-Shop/il%AZORIM-SHOP@center.intranet wrote:

> The client machine had to be configured to use shadow passwords in order to
> correcly authenticate users.
> For the second point - I've added a new user on the master machine named
> "test" that didn't exist on either of them. This was my test case all
> along.

then this means that the shadow passwords are being transfered over the
network from the NIS master to the client. this means that any sniffer can
catch the (encrypted) passwords and try to crask them, or any user can try
to ypcat the shaddow passwords map . the puts a lot of light on your
shadowed passwords - does it not? how does NIS protect you from these
types of attacks?

guy


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il