> Even with a secure NIS implementation a user on a host in the domain
> can simply do a
>
> ypcat passwd
>
> to get at the passwords. If the getdomainname() call would require root privileges
> then the ypcat would not be possible.

The user could also write a program:

    setpwent();
    while (NULL != (pw=getpwent()))
        /* print entry */;
    endpwent();

I don't think you want to abandon getpwent(). Restricting getdomainname()
does not really help to make your system more secure, but you will get a
lot of problems. All the passwd routines need getdomainname() (or
yp_get_default_domain(), which in turn calls getdomainname()),
gethostbyname() calls it (if there is a "nis" entry in /etc/host.conf),
etc. If you don't want others to read your passwd, you have to use
something different, not NIS (perhaps NIS+, but I'm not sure it works;
I did not try it). Alternatively, check your passwd regularly with crack and
force your users to choose strong passwords.
Greetings, Swen
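
Added example, not part of the original message: an audit sketch in C that walks the password database with the same getpwent() loop any local user can run and counts how many entries expose a usable hash or an empty password. The names classify_pw_field and audit_passwd are hypothetical, and the treatment of "x", "*" and "!" as non-hash placeholders is an assumption about the local passwd conventions.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* How the pw_passwd field looks to an unprivileged caller. */
enum pw_exposure { PW_EMPTY, PW_SHADOWED, PW_LOCKED, PW_HASH_EXPOSED };

/* Hypothetical helper: classify one pw_passwd field. */
enum pw_exposure classify_pw_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return PW_EMPTY;            /* no password set at all */
    if (strcmp(field, "x") == 0)
        return PW_SHADOWED;         /* assumed: hash kept in a shadow database */
    if (field[0] == '*' || field[0] == '!')
        return PW_LOCKED;           /* assumed: placeholder, not a usable hash */
    return PW_HASH_EXPOSED;         /* anything else is treated as a readable hash */
}

/* Enumerate the database (local files plus NIS, as configured) without
   privileges and count entries per class. counts[] must hold 4 elements. */
void audit_passwd(unsigned counts[4])
{
    struct passwd *pw;

    memset(counts, 0, 4 * sizeof counts[0]);
    setpwent();
    while ((pw = getpwent()) != NULL)
        counts[classify_pw_field(pw->pw_passwd)]++;
    endpwent();
}

int main(void)
{
    unsigned c[4];

    audit_passwd(c);
    printf("empty=%u shadowed=%u locked=%u hash_exposed=%u\n",
           c[PW_EMPTY], c[PW_SHADOWED], c[PW_LOCKED], c[PW_HASH_EXPOSED]);
    /* Non-zero exit lets a scheduled job flag hosts where hashes or
       empty passwords are readable by ordinary users. */
    return (c[PW_HASH_EXPOSED] || c[PW_EMPTY]) ? 1 : 0;
}
```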