yes NIS+ is a bit better, but basically its in-adequate security wise. It should not be considered for a new system/network IMHO.
regards Steven -----Original Message----- From: Haim Ashkenazi [mailto:[EMAIL PROTECTED] Sent: Wednesday, 19 March 2003 12:30 To: Debian Security Subject: OT: Is it so easy to break into an NIS? Hi A friend just asked me this question and I got curious. say I'm equipped with a linux laptop and some knowledge, I can walk into a company that uses NIS, find out the settings (NISDOMAIN, free ip address, etc...) and join their domain. now I can login as root on my computer, su to any user and see/change/delete his files. is it that easy? of-course, administrators should protect their mounts with netgroups permissions, and users should protect their important files with encryption, but how many of these you see? any ideas? suggestions? Bye -- Haim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
