Operating System - Linux
1839243 Members
2306 Online
110137 Solutions
New Discussion

Re: How to implement NIS on Linux with passwd.adjunct?

 
yyghp
Super Advisor

How to implement NIS on Linux with passwd.adjunct?

I am working on the NIS master on a Linux server. Because shadow file is not safe, I would like to use passwd.adjunct to store encrypted passwords, that is, c2 security. How can I find the detail instructions?
Thanks!
5 REPLIES 5
Ivan Ferreira
Honored Contributor

Re: How to implement NIS on Linux with passwd.adjunct?

I'm very confused with your post.

>>> I am working on the NIS master on a Linux server.

NIS is obsolete, you should consider using LDAP or NIS+.

>>> Because shadow file is not safe

Why do you think this?

>>> I would like to use passwd

Please explain me this. The passwd is insecure and shadow is used to increase the security.

>> c2 security

Also, an old concept. You should consider Controlled Access Protection Profile
â CAPP.

>>> How can I find the detail instructions?

I always use google.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
yyghp
Super Advisor

Re: How to implement NIS on Linux with passwd.adjunct?

Hi Ivan,

Thanks for the quick response!
Because now I am migrating our NIS service from Solaris box to Linux box. We used "passwd.adjunct" to store encrypted passwords on Solaris, we called C2 Security, instead of using shadow. So, people use "ypcat" won't get the encrypted passwords.
As I find that in the Linux the "/var/yp/Makefile" does have the passwd.adjunct session, but it is commented out by default. If I use shadow file, then the user from the client side can easily use "ypcat shadow.byname" to get the encrypted passwords, then crack them.
I would like to stick to the NIS security solution we had on Solaris box, that is, keep using "passwd.adjunct" on the new Linux NIS server. But how can I do that?
I couldn't find any implementation to use passwd.adjunct on Linux box via google.
Please help!

Thanks again!
Ivan Ferreira
Honored Contributor

Re: How to implement NIS on Linux with passwd.adjunct?

This is a personal opinion. If I have to move from NIS, I would move to LDAP. Try to find more information about LDAP advantages. You should also check Fedora/Red Hat Directory Server.

With LDAP, passwords (and optionally all communication with ssl) are encrypted. you can define rules that allows read/modify access to security sensitive attributes only by the user related with the attributes.

You have migration tools from NIS to LDAP:

http://www.padl.com/OSS/MigrationTools.html
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
yyghp
Super Advisor

Re: How to implement NIS on Linux with passwd.adjunct?

Hi Ivan,

The problem is that I have to use NIS on Linux, no choice for this time.
Thanks!
Kevin Wright
Honored Contributor

Re: How to implement NIS on Linux with passwd.adjunct?

what version of Linux? If your makefile as you stated has the C2 security info but is commented, uncomment the relevant lines, ensure your source files are setup, and run make.