HPE Community
Operating System - Linux
1752786 Members
5870 Online
108789 Solutions
New Discussion юеВ

How to implement NIS on Linux with passwd.adjunct?

 
yyghp
Super Advisor

тАО05-25-2007 02:38 AM

тАО05-25-2007 02:38 AM

How to implement NIS on Linux with passwd.adjunct?

I am working on the NIS master on a Linux server. Because shadow file is not safe, I would like to use passwd.adjunct to store encrypted passwords, that is, c2 security. How can I find the detail instructions?
Thanks!
0 Kudos
Reply
5 REPLIES 5
Ivan Ferreira
Honored Contributor

тАО05-25-2007 02:43 AM

тАО05-25-2007 02:43 AM

Re: How to implement NIS on Linux with passwd.adjunct?

I'm very confused with your post.

>>> I am working on the NIS master on a Linux server.

NIS is obsolete, you should consider using LDAP or NIS+.

>>> Because shadow file is not safe

Why do you think this?

>>> I would like to use passwd

Please explain me this. The passwd is insecure and shadow is used to increase the security.

>> c2 security

Also, an old concept. You should consider Controlled Access Protection Profile
├в CAPP.

>>> How can I find the detail instructions?

I always use google.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
yyghp
Super Advisor

тАО05-25-2007 02:53 AM

тАО05-25-2007 02:53 AM

Re: How to implement NIS on Linux with passwd.adjunct?

Hi Ivan,

Thanks for the quick response!
Because now I am migrating our NIS service from Solaris box to Linux box. We used "passwd.adjunct" to store encrypted passwords on Solaris, we called C2 Security, instead of using shadow. So, people use "ypcat" won't get the encrypted passwords.
As I find that in the Linux the "/var/yp/Makefile" does have the passwd.adjunct session, but it is commented out by default. If I use shadow file, then the user from the client side can easily use "ypcat shadow.byname" to get the encrypted passwords, then crack them.
I would like to stick to the NIS security solution we had on Solaris box, that is, keep using "passwd.adjunct" on the new Linux NIS server. But how can I do that?
I couldn't find any implementation to use passwd.adjunct on Linux box via google.
Please help!

Thanks again!
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО05-25-2007 03:54 AM

тАО05-25-2007 03:54 AM

Re: How to implement NIS on Linux with passwd.adjunct?

This is a personal opinion. If I have to move from NIS, I would move to LDAP. Try to find more information about LDAP advantages. You should also check Fedora/Red Hat Directory Server.

With LDAP, passwords (and optionally all communication with ssl) are encrypted. you can define rules that allows read/modify access to security sensitive attributes only by the user related with the attributes.

You have migration tools from NIS to LDAP:

http://www.padl.com/OSS/MigrationTools.html
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
yyghp
Super Advisor

тАО05-25-2007 04:01 AM

тАО05-25-2007 04:01 AM

Re: How to implement NIS on Linux with passwd.adjunct?

Hi Ivan,

The problem is that I have to use NIS on Linux, no choice for this time.
Thanks!
0 Kudos
Reply
Kevin Wright
Honored Contributor

тАО05-27-2007 05:08 PM

тАО05-27-2007 05:08 PM

Re: How to implement NIS on Linux with passwd.adjunct?

what version of Linux? If your makefile as you stated has the C2 security info but is commented, uncomment the relevant lines, ensure your source files are setup, and run make.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.