On Tuesday 18 March 2003 04:13 pm, Haim Ashkenazi wrote:
> Hi

Hello,

> A friend just asked me this question and I got curious. Say I'm equipped
> with a Linux laptop and some knowledge, I can walk into a company that uses
> NIS, find out the settings (NISDOMAIN, free IP address, etc...) and join
> their domain. Now I can login as root on my computer, su to any user and
> see/change/delete his files. Is it that easy?

Yes, quite. NIS uses no authentication whatsoever.

> Of course, administrators should protect their mounts with netgroups
> permissions, and users should protect their important files with
> encryption, but how many of these do you see?

Not many. The problems you describe above are well-known.

> Any ideas? Suggestions?

Use LDAP and Kerberos instead of NIS. They are equally or better supported in every situation I know of.

- Keegan
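
The netgroup restriction on mounts mentioned in the thread, as an added example that is not part of the original messages: a Python check that reads export lines and flags clients that are not netgroups (`@name`) or that disable root squashing. It assumes the mounts are NFS exports in the Linux `/etc/exports` format; the sample lines, hosts and netgroup names are constructed, and `audit_exports` is a hypothetical helper name.

```python
import re
import shlex

# Constructed sample in Linux exports(5) format; paths, hosts and netgroups are made up.
SAMPLE_EXPORTS = """\
# home directories
/home        @trusted-ws(rw,root_squash)
/srv/data    192.168.10.0/24(rw) @admins(rw,no_root_squash)
/pub         *(ro)
/scratch     (rw)
/export/proj build1.example.com(rw) \\
             @lab(ro)
"""

# One client field: optional host part, optional "(opt,opt,...)" part.
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (path, client, reason) for every export entry worth reviewing."""
    findings = []
    # Join backslash-continued lines before parsing.
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        fields = shlex.split(line, comments=True)  # drops '#' comments
        if not fields:
            continue
        path, clients = fields[0], fields[1:]
        if not clients:
            findings.append((path, "", "no client restriction listed"))
        for client in clients:
            m = CLIENT_RE.match(client)
            if m is None:
                findings.append((path, client, "unparsed client entry"))
                continue
            host = m.group("host")
            opts = (m.group("opts") or "").split(",")
            if host in ("", "*"):
                findings.append((path, client, "exported to every host"))
            elif not host.startswith("@"):
                findings.append((path, client, "host or network, not a netgroup"))
            if "no_root_squash" in opts:
                findings.append((path, client, "client root keeps uid 0"))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}\t{client or '-'}\t{reason}")
```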