On Wed, Sep 19, 2001 at 12:18:32PM -0500, Munir Nassar wrote: > I would like to add a few observations that i have on NIS and Shadow passwords... > > Fist of all, Solaris does support Shadow password, the reason i know this is because a "System Administrator" was complaining that he couldnt see the hashed passwords in the passwd file, he didnt like the way shadows worked... > > also concerning NIS and shadows is that root on any machine(does not have to be yours) connected to the network can retrieve the hashed shadow file over NIS. a very grave security flaw. > Well, it's better than any non-root user on any machine in the domain being able to get your passwd map with hashes in it. That's the default for NIS. It's more liekly that an atacker will get into a user's account then it is they'll get root. If they get root, you have a much more serious problem. Gabe -- ------------------------------------------------------------------------ Gabe Turner gabe at msi.umn.edu SGI Origin Systems Administrator, University of Minnesota Supercomputing Institute for Digital Simulation and Advanced Computation www.msi.umn.edu ------------------------------------------------------------------------