> On 19 Feb 1996, Christoph Lameter wrote:
>
> > Even with a secure NIS implementation a user on a host in the domain
> > can simply do a
> >
> > ypcat passwd
> >
> > to get at the passwords. If the getdomainname() call would require root priviledges
> > then the ypcat would not be possible.
>
> The user could also write a program:
>
> setpwent();
> while (NULL != (pw=getpwent()))
> /* print entry */;
> endpwent();
>
> I don't think you want to abandon getpwent(). Restricting getdomainname()
> does not really help to make your system more secure, but you will get a
> lot of problems. All the passwd routines need getdomainname() (or
> yp_get_default_domain(), which in turn calls getdomainname),
> gethostbyname() calls it (if there is a "nis" entry in /etc/host.conf),
> etc. If you don't want others to read your passwd, you have to use
> something different, not NIS (perhaps NIS+, but I'm not sure it works,
> did not try). Alternatively, check your passwd regularly with crack and
> force your users to choose strong passwords.
How about requiring root priviledges for getpwent()?
But then passwd needs to run with root priviledges.