From: prl@iis.ethz.ch (Peter Lamb)
Newsgroups: alt.sys.sun
Subject: Re: C2 security and passwords
Keywords: passwd,c2conv
Message-ID: <prl.683338578@iis>
Date: 28 Aug 91 00:16:18 GMT
References: <1991Aug27.185853.5493@uceng.UC.EDU>
Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH

montjoy@thor.ece.uc.edu (Robert Montjoy) writes:

>Note YP users!!!  If you are running YP your passwd.adjucnt files will
>		  not be protected from causal users. Anyone can just
>                  "ypcat" the map..  This issue was discussed at length
>                  in alt.security(about 4 weeks ago)

Not quite true. Only all the people on the net who can become
root can `ypcat' the map. Of course, for the normal NIS passwd map this
restriction doesn't apply. I have engaged in a practical demonstration of
this effect (with the consent of the other sysadmin). I copied a
(dummy) passwd.adjunct file from a machine in the US to my workstation
in Switzerland.
--
Peter Lamb (prl@iis.ethz.ch)
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich