*BSD News Article 67879



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!inquo!in-news.erinet.com!imci5!imci4!newsfeed.internetmci.com!netnews2.nwnet.net!news.nodak.edu!plains.nodak.edu!not-for-mail
From: tinguely@plains.nodak.edu (Mark Tinguely)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NIS client setup
Date: 7 May 1996 08:57:41 -0500
Organization: Computer Science Department, North Dakota State University, Fargo
Lines: 18
Message-ID: <4mnksl$9o0@plains.nodak.edu>
References: <3189E69E.727C@arrakis.comm.pub.ro> <4ml84l$3nf@plains.nodak.edu> <4mnh4i$s7p@picard.cistron.nl>
NNTP-Posting-Host: plains.nodak.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

In article <4mnh4i$s7p@picard.cistron.nl>,
Miquel van Smoorenburg <miquels@cistron.nl> wrote:
>In article <4ml84l$3nf@plains.nodak.edu>,
>Mark Tinguely <tinguely@plains.nodak.edu> wrote:
>>we should x-or the password record coming from NIS server (and x-or on
>
>You could check the port the request is originating from and xxx out
>the password field if it is > 1024 (i.e. insecure).

At application level this does work great. I am worried that at the network
level people can snoop the password record, complete with encrypted password,
as it is sent down the wire. At this level NIS defeats the shadow password
facility.

My suggestion of exclusive or-ing or reversible sums on the whole NIS password
record would give a little more protection against the lazy cracker.

--mark.
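
The application-level check discussed in this exchange, sketched as an added example (not code from the post or from any NIS implementation): a server-side filter that blanks the password field of a passwd-format record unless the request came from a reserved source port. The function name `filter_passwd_record`, the `*` placeholder, the sample record, and the choice to treat port 1024 and above as unprivileged are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: ports below 1024 can be bound only by root on the client. */
#define RESERVED_PORT_LIMIT 1024

/*
 * Copy a passwd-format record ("name:hash:uid:gid:...") into out.
 * A request from an unprivileged source port gets the second field
 * (the password hash) replaced by "*". Returns 0 on success, -1 if
 * the record is malformed or out is too small.
 */
int filter_passwd_record(const char *rec, unsigned src_port,
                         char *out, size_t outlen)
{
    const char *f1 = strchr(rec, ':');                 /* end of login name */
    const char *f2 = f1 ? strchr(f1 + 1, ':') : NULL;  /* end of hash field */
    int n;

    if (f1 == NULL || f2 == NULL)
        return -1;              /* fail closed: never pass it through */

    if (src_port < RESERVED_PORT_LIMIT)
        n = snprintf(out, outlen, "%s", rec);
    else
        n = snprintf(out, outlen, "%.*s:*%s", (int)(f1 - rec), rec, f2);

    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';      /* do not hand back a truncated record */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample record in master.passwd field order. */
    const char *rec =
        "alice:CONSTRUCTEDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh";
    char buf[256];

    if (filter_passwd_record(rec, 1023, buf, sizeof buf) == 0)
        printf("port 1023:  %s\n", buf);
    if (filter_passwd_record(rec, 40000, buf, sizeof buf) == 0)
        printf("port 40000: %s\n", buf);
    return 0;
}
```

The reserved-port branch still returns the complete record, hash included, so the reply crosses the wire unprotected; the filter does nothing for the network-level concern raised in the post.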