SUMMARY: NIS and Shadow Passwd

From: Jaap Romers (
Date: Mon Jun 22 1992 - 07:30:21 CDT

Hi System Managers,

Last week I asked the following to the net:

>We have a heterogenous network with HP's, Sun's and SGI's and in the
>future probably some NeXT workstations. Currently we are not running
>NIS, but we want to give it a try, if we can use it with shadow-
>passwd files. On the Sun's, it shouldn't be a problem (c2conv etc.),
>but what about the HP's, SGI's and NeXT ?
>Can they run with shadow-passwd if the NIS master server is a Sun
>and the slave servers having a different architecture.
>Or, is it possible to create a HP as a NIS master server an the
>other arch's as slave servers.

I did get several answers and my conclusion is: it's not possible.

Here ar some answers:

>Sun's shadow-passwd NIS map mechanism uses a proprietary extension
>to the NIS protocol. Thus, you will not be able to use NIS to distribute
>password information to any non-Sun hosts unless the vendor has
>reverse-engineered the shadow-passwd mechanism. We have not done this
>at SGI as we will be supporting SVR4 shadow-passwords in an upcoming

>HP's shadow password scheme does not cooperate with NIS.
>and, since there is no standard method of supporting shadow
>passwords within NIS, solutions each vendor take are likely
>to be divergent.

>If all you want to do is keep ypcat from being used to grab the encrypted
>passwords, then just `chown root ypcat; chmod og-x ypcat`. That would
>be a minor inconvenience for a serious bad guy.

Credits: (Casey Schaufler)
Chris Steinbroner <> (Thomas Sippel - Dau)


J.M. Romers HP/Sun System Manager
Utrecht University Department of Computer Science
P.O. Box 80.089 Email:
3508 TB Utrecht Telephone: +31 30 532248
The Netherlands Telefax: +31 30 513791

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:44 CDT