June 2000
Intermediate to advanced
512 pages
15h 18m
English
Content preview from Linux Network Administrator's Guide, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
NIS Server Security
NIS used to have a major security flaw: it left your password file
readable by virtually anyone in the entire Internet, which made for
quite a number of possible intruders. As long as an intruder knew your
NIS domain name and the address of your server, he could simply send
it a request for the passwd.byname map and
instantly receive all your system’s encrypted passwords. With a fast
password-cracking program like crack and a good
dictionary, guessing at least a few of your users’ passwords is rarely
a problem.
This is what the securenets option is all
about. It simply restricts access to your NIS server to certain hosts,
based on their IP addresses or network numbers. The latest version of
ypserv implements this feature in two ways. The
first relies on a special configuration file called
/etc/ypserv.securenets and the second
conveniently uses the /etc/hosts.allow and
/etc/hosts.deny files we already encountered in
Chapter 12.[77]
Thus, to restrict access to hosts from within the Brewery, their
network manager would add the following line to
hosts.allow:
ypserv: 172.16.2.
This would let all hosts from IP network
172.16.2.0 access the NIS server. To
shut out all other hosts, a corresponding entry in
hosts.deny would have to read:
ypserv: ALL
IP numbers are not the only way you can specify hosts or networks in
hosts.allow and hosts.deny. Please
refer to the hosts_access(5) manual page on your system
for details. However, be warned that you cannot use host ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.