On Wed, 22 Nov 2006, Gerrit [ISO-8859-1] K�hn wrote: > On Wed, 22 Nov 2006 09:07:34 -0500 (EST) Mark Hennessy <[EMAIL PROTECTED]> > wrote about Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf: > > > MH> I'm a bit unsure about it myself. > MH> I tried exactly what you suggested, putting files on the compat line > MH> and before nis for both passwd and groups on the NIS slave server > MH> only, and no go. Perhaps it is the master server that actually > MH> controls this? I don't know. Any further advice would be greatly > MH> appreciated. > > Sorry to disturb, but I don't understand why you distribute the server's > root pw via NIS at all. Is it really shown by "ypcat passwd" on the > client? If so, how about removing it from the list of exported accounts?
That's a really good point. When you consider the inherent insecurity of NIS, having a root password in the maps is a pretty bad plan anyway. Given my vague handwaving at PAM, and the fact that the OP probably has NIS as sufficient above pam_unix, the obvious solution if my unverified assertions are correct is to remove the root password from the NIS maps. David Adam [EMAIL PROTECTED] _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
