Article 50907 of comp.sys.sun.admin: Path: mri.com!newsfeed1.aimnet.com!www.nntp.primenet.com!nntp.primenet.com!news.sgi.com!cgl!picasso.ucsf.edu!mday From: mday@picasso.ucsf.edu (Mark Day) Newsgroups: comp.sys.sun.admin Subject: Re: Snoop/Etherfind and NIS+ Date: 25 Sep 96 18:47:26 GMT Organization: UCSF Computer Graphics Lab Lines: 33 Message-ID: References: <3247E6DE.18DC@fmr.com> NNTP-Posting-Host: picasso-yp.ucsf.edu Diana March writes: >Last night I had a user who used either Snoop or Etherfind to get the >root password on a restricted machine. Fortunately, he is harmless >however I am running NIS+ and was under the impression that the >passwords were encrypted. Is it only the user passwords and not the >root password? Under Solaris 2.x the root password is stored locally in the /etc/shadow file; NIS+ is used to obtain NIS+ credentials, but not to authenticate the local root password. So anytime you telnet or rlogin across a network and see a password prompt, you need to be aware that your keystrokes are visible to anyone sniffing along the path the packets are taking. Some of the solutions to this genaral problem are: 1. Install root .rhosts file on the remote machines allowing root access from a well secured administrative machine. The pro/cons of root .rhosts are often the subject of fierce debates; consider this suggestion to be controversial. 2. Use one time passwords (OTP). Both the logdaemon and OPIE packages are publicly available and can prevent the sniffing of passwords. 3. Use secure shell (SSH) see http://www.cs.hut.fi/ssh -- Mark Day Magnetic Resonance Science Center mday@mrsc.ucsf.edu University of California, San Francisco (415) 476-1068