On Wed, Apr 14, 1999 at 05:40:55AM +0300, guy keren wrote:
[shadowed NIS]
> and why do you think this solves the problem? one can always connect an
> extra machine to your network, or run sniffers, etc, etc, etc.
It doesn't solve THE problem, it solves /a/ particularly annoying
problem; namely, that anyone can run ypcat passwd and smile.
> i'd think that only solutions that replace ALL mechanisms that transfer
> passwords over the network, with mechanisms that use some challenge-based
> or public key based protocols, would give you some level of security
>
> (e.g. check out on kerberos, for instance).
Building a secure local network from scratch is a Big Deal.
Kerberos has its problems, too (very strict timing, for example,
is hard to achieve, etc. etc)
--
believing is seeing
[EMAIL PROTECTED]
http://www.forum2.org/gaal/
