NIS

fun

Technical User
Oct 3, 2002
3
US

I have an NIS login, say user1. The NIS server runs on Solaris 7. Also, I have a workstation which runs on Solaris 7.

Now see the fun.
I logged in to *my workstation* as super user (root).
When I executed
# su - user1
I could log in as user1 without any password.

Similarly, I was able to log in to any user account in the NIS database from my local root account without a password!!!!

Weird???

 
Blows your mind, doesn't it?

Ged Jones
gedejones@hotmail.com
Top man
 
Erm - root can "su" to anyone without entering a password. It's one reason why root is called the Super User. :)

One thing to remember about NIS is that it's just a method for sharing text databases across a network of machines. It makes things easier for system admins in that they have one place where all changes can be made.

So, when you "su" you are just looking at a login name/password database. Whether it's hosted by NIS or /etc/passwd & /etc/shadow doesn't make much difference. (And you can expand this a little. Have a quick think about using a PAM module to authenticate users using an LDAP database.)

Andy Bold
"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.
 
Andy,

I don't want to question the capabilities of the root account.

Just take an example of a Unix environment where 100s of Unix workstations are involved. All are under the same NIS domain.
There is no doubt that all these workstations have their own root login. You mean to say that if anybody knows the root password of their *local system*, they can access any user in the database?

 
Yes, hence super user. Whether you're root on the NIS server or on a client of the NIS server, you can su to any user in /etc/passwd, /etc/shadow or any user whose account is supplied by the NIS server. That is why the root password is so valuable and should be kept close to the chest.

Jon Zimmer
b0rg@pcgeek.net
Aetea Information Technology
The software required `Windows 95 or better', so I installed Linux.
 
That's 100% correct. As Jon said, it's one of the many reasons why "root" passwords should be treated as being extremely confidential. Don't forget that all that NIS is doing is maintaining a shared repository of textual databases.

At the application level (i.e., when you log in, run "su", or use "ftp") it is not relevant whether NIS is being used or not. All that the application sees is a copy of the shared user information that is being used by every NIS master or slave on the network.

Andy Bold
"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.
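For admins who want to see how often a workstation's root account is being used to become NIS users, as the replies above describe, here is a small audit sketch (an added example, not part of the original thread). It assumes the Solaris su log line format, `SU date time +/- tty from-to`, normally written to /var/adm/sulog when SULOG is set in /etc/default/su; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report successful su switches from root to another account.
# Assumed input format (Solaris su log):  SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# "+" marks a successful su, "-" a failed attempt.

# Reads su log lines on stdin; prints "date time tty target" for every
# successful su where the caller was root and the target was not root.
root_su_events() {
    awk '$1 == "SU" && $4 == "+" {
        # Split on the first "-" only: the target login may contain a hyphen.
        i = index($6, "-")
        if (i == 0) next
        from = substr($6, 1, i - 1)
        to   = substr($6, i + 1)
        if (from == "root" && to != "root")
            print $2, $3, $5, to
    }'
}

# Reads su log lines on stdin; prints "count target", busiest target first.
root_su_summary() {
    root_su_events |
        awk '{ n[$4]++ } END { for (u in n) print n[u], u }' |
        sort -k1,1nr -k2,2
}

# Constructed sample data, not taken from a real system.
sample_sulog() {
    cat <<'EOF'
SU 10/03 09:12 + pts/3 alice-root
SU 10/03 09:14 + pts/3 root-user1
SU 10/03 09:15 + pts/3 root-user2
SU 10/03 09:20 - pts/5 user2-root
SU 10/03 09:31 + console root-user1
SU 10/03 09:40 + pts/3 root-nis-admin
EOF
}

# Stand-alone run on the sample; on a real host feed /var/adm/sulog instead:
#   root_su_summary < /var/adm/sulog
sample_sulog | root_su_summary
```

Because the log lives on the workstation itself, where that same root account can also edit it, treat the result as a usage indicator rather than tamper-proof evidence.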
 