Re: NIS with local root

From: Charles Clancy (security@xauth.net)
Date: 01/30/03

Date: Thu, 30 Jan 2003 16:31:13 -0600 (CST)
From: Charles Clancy <security@xauth.net>
To: focus-linux@securityfocus.com

On Thu, 30 Jan 2003, Kevin Jackson wrote:

> but surely in such a situation where NIS and NFS is employed -- you
> won't be giving out root passwords to normal untrusted users anyway?!

The usual problem is when users have their own machines and want access to
the NFS network. They don't want to give up root on their own machines.

> I know sometimes it can't be avoided in some situations -- if that's the
> case then you may want to look at alternatives - NIS+ was mentioned.

NIS+ is not much more secure than NIS if you have root. In all the
installations I've seen, the only difference is that the NIS+ client won't
let normal users see the encrypted passwords (from "niscat
passwd.org_dir"). Plus, NIS+ support for Linux isn't entirely complete.

The real solution is to get rid of NIS and NFS, and replace them with AFS,
LDAP, and Kerberos. AFS does file access control at a user level, rather
than a host level. That means local root can't get access to your
files[1] -- only AFS admin can do that. The LDAP/Kerberos option means no
more unshadowed passwords floating around the network.

http://www.openafs.org
http://www.openldap.org
http://web.mit.edu/kerberos/www/

All are well supported under Linux (not to mention many other UNIXes, and
even the ability to interact almost seamlessly with Microsoft ADS).

--
[1] Well, he can try to steal your Kerberos credentials if you're logged
in to the machine, but he can't just "su".
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
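As an added example (not from Clancy's post), a small shell audit for the "unshadowed passwords floating around the network" problem: it takes a dump of the NIS passwd map (what `ypcat passwd` returns to any client host in the domain) and lists the accounts whose password hashes are being served, so an administrator can see how much the map exposes before moving to LDAP/Kerberos. The sample map, its account names and the hash-shaped strings are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit a dump of the NIS passwd
# map for entries that still carry a password hash. Any NIS client can pull
# this map, so every hash in it is effectively published to the whole domain.

# Read passwd-format lines on stdin. For each entry whose password field is a
# real hash (not "x", and not a locked/disabled marker beginning with * or !),
# print "<user> uid=<uid> hash-exposed" on stderr. Print the count on stdout.
count_unshadowed() {
    awk -F: '
        NF >= 7 && $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            n++
            printf "%s uid=%s hash-exposed\n", $1, $3 > "/dev/stderr"
        }
        END { print n + 0 }
    '
}

# Constructed sample map (no real hashes; the strings are placeholders in
# crypt(3) shape): root is shadowed, bob is locked, alice and carol expose hashes.
SAMPLE_MAP='root:x:0:0:root:/root:/bin/sh
alice:$1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB:1001:1001:Alice:/home/alice:/bin/sh
bob:*LK*:1002:1002:Bob:/home/bob:/bin/sh
carol:abJnggxhB/yWI:1003:1003:Carol:/home/carol:/bin/sh'

# Run the audit on the sample. On a real NIS client the same check is:
#   ypcat passwd | count_unshadowed
audit_sample() {
    printf '%s\n' "$SAMPLE_MAP" | count_unshadowed
}
```

A non-zero count means the domain is serving hashes to every client, which is exactly the exposure a local root on any client machine can read.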