[1529] in bugtraq
Re: Obtaining NIS domainname from Gatorbox
daemon@ATHENA.MIT.EDU (der Mouse)
Tue Apr 18 19:30:13 1995
Date: Tue, 18 Apr 1995 11:15:07 -0400
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bugtraq@fc.net
>>> Maybe a good reason to join the crowd and not run NIS?
>> I wish. [What else is out there?]
> There's also NeXT Inc's Netinfo. [...] don't take my word for it,
> check it out on your own in depth.
I'd like to. Where can I find the spec?
> One of the best things I can say for it is, I've never heard of
> anyone using, making, or otherwise grabbing a password map from
> netinfo from a totaly alien machine...
I own a NeXT. I expect nobody else can steal my password map; indeed,
it's so secure _I_ have trouble dumping the whole thing! I have to
resort to things like
for i in `niutil -t -list localhost/local /users | awk '{print $2}'`
do
niutil -t -read localhost/local /users/$i | ....
done
> I'm not saying it's not possible, but I've seen netinfo frustrate
> more than one hacker, even when they got on a machine using it via
> other means.
I'm another one: it frustrates me no end and I own the ruddy machine!
I have also been completely unable to find any docs on it beyond NeXT's
usual useless "trust us, just run it and it works". (I admit, I
haven't tried very hard, because I'm hoping to switch OSes before too
much longer.) I've found that using
"niutil -t xxx localhost/local yyyy" mostly prevents it from hanging if
I happen to be off the net at the time, but having to do that is gross.
If I could find protocol docs, I'd write my own daemons....
der Mouse
mouse@collatz.mcrcim.mcgill.edu
