>>>>> On Fri, 22 Apr 2022 13:41:50 -0700, Steve Langasek <vor...@debian.org> >>>>> said:
> NIS also dates from a period when rsh was considered acceptable, and unless > I'm mistaken, has a comparable level of security. Allowing access to > password hashes for users based on the IP of the machine you are querying > from is not a sane security policy, and I don't think we should indefinitely > make Debian worse for all other users (bigger minimal system == worse) to > cater to users of these obsolete, insecure systems. A normal user does not see the password hashes, only processes which can use a port < 1024 see the password hash in the NIS map. So I do not see a problem giving machines of a subnet (based on their IP) access to the NIS data, when I can make sure only permitted computers can access the network. This does not give all users of this machine access to the password hashes. -- regards Thomas