NIS: which mechanism hides shadow.byname for unpriviledged users?

Posted by Mark Salzer on Server Fault See other posts from Server Fault or by Mark Salzer
Published on 2012-12-04T09:25:24Z Indexed on 2013/06/25 4:23 UTC
Read the original article Hit count: 506

Filed under:
|
|
|
|

On some Linux box (SLES 11.1) which is a NIS client I can do as root:

ypcat shadow.byname

and get output, i.e. some lines with the encrypted passwords, amongst other information.

On the same Linux box, if I run the same command as unpriviledged user, I get

No such map shadow.byname. Reason: No such map in server's domain

Now I am surprised. My good old knowlege says that shadow passwords in NIS are absurd because there is no access control or authentication in the protocol and thus every (unpriviledged) user can access the shadow map and thereby obtain the encrypted passwords.

Obviously we have a different picture here. Unfortunately I don't have access to the NIS server to figure out what is happening. My only guess is that the NIS master gives the map only to clients conection from a priviledged port (>1024), but this is only an uneducated guess.

What mechanisms are there in current NIS implementations to lead to a behavior like the above? How "secure" are they? Can the be circumvented easily? Or are shadow passwords in NIS as secure as the good old shadow files?

© Server Fault or respective owner

Related posts about linux

Related posts about security