Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!inquo!in-news.erinet.com!imci5!imci4!newsfeed.internetmci.com!netnews2.nwnet.net!news.nodak.edu!plains.nodak.edu!not-for-mail From: tinguely@plains.nodak.edu (Mark Tinguely) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: NIS client setup Date: 7 May 1996 08:57:41 -0500 Organization: Computer Science Department, North Dakota State University, Fargo Lines: 18 Message-ID: <4mnksl$9o0@plains.nodak.edu> References: <3189E69E.727C@arrakis.comm.pub.ro> <4ml84l$3nf@plains.nodak.edu> <4mnh4i$s7p@picard.cistron.nl> NNTP-Posting-Host: plains.nodak.edu Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit In article <4mnh4i$s7p@picard.cistron.nl>, Miquel van Smoorenburg <miquels@cistron.nl> wrote: >In article <4ml84l$3nf@plains.nodak.edu>, >Mark Tinguely <tinguely@plains.nodak.edu> wrote: >>we should x-or the password record coming from NIS server (and x-or on > >You could check the port the request is originating from and xxx out >the password field if it is > 1024 (ie insecure). at application level this does work great, I am worried at the network level there people can snoop the password record, complete with encrypted password, as it is sent down the wire. at this level NIS defeats the shadow password facility. My suggestion of exclusive or-ing or reversible sums on the whole NIS password record would give a little more protection against the lazy cracker. --mark.