SUMMARY:Root password of NIS clients....

From: Vipin Gupta (Vipin.Gupta@blr.sni.de)
Date: Mon Jun 23 1997 - 22:46:15 CDT


Dear Friends,

The Original question was:

I have a NIS environment at my place with NIS master/slave servers (with
SUN OS4.1.4) and about 30 NIS clients (with Solaris 2.3-5). I
maintain/manage the information/database on NIS master server and keep
the root password strictly with me. But for NIS clients belonging to
various other projects the root password is known to some other project
people also.

Now the problem is that anybody logged in as root on any NIS client can
do su (su xyz) to user xyz and do a lot with his/her confidential
information including reading mails. This could create serious security
problems. I know it is possible to track down the culprit but only on
the complaint from user xyz. But if user xyz does not notice the last
login time/date then the culprit can easily escape.

I would like to know the possible solutions to this problem so that this
serious security lapse can be addressed.

Answers:

I got a few prompt replies in this regard and there were mainly two
suggestions:

1. To allow clients to have root access only through sudo.
2. To maintain the root password myself.

I believe that there is no complete solution to the problem and that
this is a serious flaw in the NIS implementation.

I would like to thank my following friends:

1. Bismark Espinoza
2. Mark Steph
3. R Srinivasa Moorthy
4. Greg Ness

Regards

-- 
___________________________________________________________
        Vipin Gupta, System Administrator              
        Siemens Info. Systems Ltd.
        Plot no.:84, First Main Road
        Keonics Electronics City, Hosur Main Road
        Bangalore-561229, INDIA
        PHONE: +91(80) 8521122  FAX: +91(80) 8521117-8 
___________________________________________________________
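
For the tracking problem raised in the question (finding who used root to become another user without waiting for that user to complain), the following is an added example, not part of the original post. It assumes the Solaris su log at /var/adm/sulog with lines of the form `SU MM/DD HH:MM +|- tty from-to`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list successful su from root to an ordinary account and
# attribute each one to whoever last became root on the same tty.
# On Solaris, run the awk program with nawk or /usr/xpg4/bin/awk.

# Constructed sample log lines (not taken from any real host).
sample_sulog() {
cat <<'EOF'
SU 06/23 09:12 + pts/3 alice-root
SU 06/23 09:14 + pts/3 root-xyz
SU 06/23 09:20 - pts/4 bob-root
SU 06/23 10:02 + console root-root
SU 06/23 10:41 + pts/7 root-build-user
SU 06/24 08:03 + pts/2 carol-xyz
EOF
}

# Reads sulog lines from the named files, or from stdin if none are given.
# Prints: date time tty root->target via=<user who became root on that tty>
root_to_user() {
    awk '
    # Only successful attempts are of interest here.
    $1 != "SU" || $4 != "+" { next }
    {
        tty = $5
        if (index($6, "root-") == 1) {
            # Source is root; the rest is the target, which may itself
            # contain hyphens (e.g. build-user).
            target = substr($6, 6)
            if (target != "root") {
                who = (tty in became) ? became[tty] : "?"
                printf "%s %s %s root->%s via=%s\n", $2, $3, tty, target, who
            }
        } else if ($6 ~ /-root$/) {
            # Remember who became root on this tty (heuristic: assumes
            # no account name itself ends in "-root").
            became[tty] = substr($6, 1, length($6) - 5)
        }
    }' "$@"
}

# Stand-alone run on the constructed sample; on a client, use instead:
#   root_to_user /var/adm/sulog
sample_sulog | root_to_user
```

A `via=?` entry means no earlier su to root was logged on that tty, for example a direct root login. Root on the client can edit sulog, so the report is only as trustworthy as the copy of the file it is run on.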


