Penetration Testing mailing list archives

Re: [PEN-TEST] NIS. An Alternative.


From: Peter Van Epp <vanepp () SFU CA>
Date: Thu, 24 Aug 2000 12:31:49 -0700


scp and a couple of scripts, secure and less buggy.
Or rsync (e.g. the same as above)

I believe that appropriate scripts are even on someone's home pages...
check google or (IIRC) the rsync FAQ.

        One caution to check before doing this is if you are reasonably large
(our size ~22,000 accounts or larger) make sure what you are changing to
still uses database lookups (ndbm in the NIS case, I expect most LDAP
implementations are database of some kind, ours certainly is) rather than
linear search (i.e. the standard password file in Unix) of the various files.
It is possible to break your system entirely by switching from database lookup
to linear search on large sites (users at the end of the password file time
out before authenticating). It's now almost 10 years ago we got bit by this
one so perhaps things have improved, or perhaps you are a small site and your
files are small enough that linear search still works but there is a
potentially serious hole there for the underinformed large system person to
fall into ...

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
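
The scaling caveat in the message above, as an added example that is not part of the original post: it counts how many entries a flat-file scan reads for the first and last of 22,000 constructed accounts, then fetches the last one by key. Python's dbm.dumb stands in for the ndbm-backed NIS map here, and the account names and temporary file path are constructed for the illustration.

```python
import dbm.dumb
import os
import tempfile

ACCOUNTS = 22000  # site size quoted in the message

def make_passwd(n=ACCOUNTS):
    """Constructed passwd(5)-format data: user00001 .. user<n>."""
    return [f"user{i:05d}:x:{1000 + i}:100::/home/user{i:05d}:/bin/sh"
            for i in range(1, n + 1)]

def linear_lookup(lines, name):
    """Flat-file search: read entries in order until the name matches."""
    examined = 0
    for line in lines:
        examined += 1
        if line.split(":", 1)[0] == name:
            return line, examined
    return None, examined

def build_index(lines, path):
    """Key each entry by login name, as a passwd.byname map does."""
    with dbm.dumb.open(path, "n") as db:
        for line in lines:
            db[line.split(":", 1)[0]] = line

def indexed_lookup(path, name):
    """One keyed fetch, independent of where the entry sits in the file."""
    with dbm.dumb.open(path, "r") as db:
        value = db.get(name.encode())
        return value.decode() if value is not None else None

def compare(n=ACCOUNTS):
    lines = make_passwd(n)
    first, last = "user00001", f"user{n:05d}"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "passwd.byname")
        build_index(lines, path)
        hit = indexed_lookup(path, last)
    return {
        "first_examined": linear_lookup(lines, first)[1],
        "last_examined": linear_lookup(lines, last)[1],
        "indexed_matches": hit == linear_lookup(lines, last)[0],
    }

if __name__ == "__main__":
    print(compare())
```

Every flat-file lookup for the last account reads the whole file, and a lookup for an unknown name does the same, which is the cost that grows into authentication timeouts on a large site.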

