HPE Community
Operating System - Tru64 Unix
1829420 Members
2393 Online
109991 Solutions
New Discussion

Re: NIS set with encrypted password exposure!!

 
SR Rao
Advisor

‎04-26-2005 08:28 PM

‎04-26-2005 08:28 PM

NIS set with encrypted password exposure!!

Hi all, Got this query from one of the customer to check if:

1. Is NIS enabled on a cluster environment?
2. If so, is NIS set with encrypted password exposure?

How do we check this? I check if NIS is implemented by grep'ing for '+' in /etc/passwd. Sure there would be a much better way to do so.

Thanks.
0 Kudos
1 REPLY 1
Ann Majeske
Honored Contributor

‎04-27-2005 03:56 AM

‎04-27-2005 03:56 AM

Re: NIS set with encrypted password exposure!!

NIS is not enabled by default on single systems or clusters. grep'ing for "+" in /etc/passwd is probably the easiest way to check if NIS has been enabled for the passwd map, but this won't necessarily tell you if NIS is currently enabled on your system.

The way to tell if NIS is enabled on your system is the command:
rcmgr get NIS_CONF
if the answer is "YES", NIS is currently configured on your system.

Tru64 UNIX does not have NIS+, only NIS. If NIS is enabled on your system and for the password map, any encrypted passwords in the passwd map will be visible to all users (for example with the ypcat command).

There are a couple ways around this that I know:
1) Don't use NIS
2) Use Enhanced Security
If you use Enhanced Security, and don't use the C1CRYPT encryption method (which says to put the encrypted passwords in the passwd map) the encrypted passwords will be in the prpasswd map which is not visible to other users except for root. The problem with using Enhanced Security is that it is only compatible with other Tru64 UNIX systems. So, this wouldn't be an option in a multivendor environment.

Ann
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.