ftp.nice.ch/peanuts/GeneralData/Usenet/news/1989/CSN-89.tar.gz#/comp-sys-next/1989/Nov/NetInfo-Boot+Security-Problems



Date: Sun 08-Nov-1989 00:39:58
From: Unknown
Subject: NetInfo Boot & Security Problems

sharing the database except via 'rdist') and YP. Our hostconfig files have hardcoded host/domain names for HOSTNAME and DOMAIN, -NO- for NETMASTER and hardcoded addresses for everything else.

Problem 1: Since all the information about 'services', 'protocols', 'rpcs', etc. are in the NetInfo database, I assumed (even with the above configuration) that I could delete the equivalent files from /etc in order to avoid redundant, out of date copies. However when I removed them, the machine wouldn't boot as it tried to look up syslogd in 'services' before netinfod was running, and other such problems. The NeXT requires both the NetInfo entries and flat files which seems to be a bug (I assume having a NETMASTER fixes this but it shouldn't be a requirement--netinfod should be started/accessible earlier in the boot process).

Problem 2: When I set up the machines, I added the YP 'magic cookie' user entry, "+::0:0:::", to the passwd directory in NetInfo (and dumped the passwd directory to the /etc/passwd file for redundancy) and everything worked fine. However, I discovered that doing this allowed anyone to login as "+" sans password and end up logged in as root (only at the console, not via the network). The only workable solution I found was to remove the 'magic cookie' from the NetInfo database but leave it in the /etc/passwd file and everything works as desired. However this means that non-identical password information is now stored in two different places that have to be kept up to date and seems to imply that the notion that the /etc/passwd file is not used if NetInfo is running is incorrect when YP is involved.

I'd appreciate any insight into and/or better solutions to these problems.

- Christopher

-------

>From: phil@attctc.Dallas.TX.US (Phil Meyer)
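An added example, not part of the original posts: a Python check over passwd-format text that flags the condition described in Problem 2 (a YP compat marker stored where every name is treated as a real account) and lists records that differ between the two copies. The `literal` flag, the function names and the sample records are assumptions of this example.

```python
# Added example: audit passwd-format text for the failure described in Problem 2.
# All sample records are constructed; "literal" is this example's own parameter.

def parse(text):
    """Return {name: fields} for well-formed 7-field passwd lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 7:
            entries[fields[0]] = fields
    return entries

def audit(text, literal):
    """literal=True: the store treats every name as a real account (no YP
    compat handling), which is how the post describes the NetInfo copy."""
    findings = []
    for name, f in parse(text).items():
        compat = name.startswith(("+", "-"))
        if compat and not literal:
            continue  # assumption: the flat-file lookup consumes the marker
        if compat:
            findings.append((name, "YP compat marker stored as a real account"))
        if f[1] == "":
            what = "passwordless uid 0 account" if f[2] == "0" else "passwordless account"
            findings.append((name, what))
    return findings

def drift(store_a, store_b):
    """Names whose records differ between two copies of the passwd data."""
    a, b = parse(store_a), parse(store_b)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

# Constructed samples: a flat /etc/passwd and dumps of the directory copy.
FLAT = """root:Xk3placeholder:0:0:Operator:/:/bin/csh
me:Qz9placeholder:20:20:Me:/me:/bin/csh
+::0:0:::
"""
DIRECTORY_BAD = FLAT  # the marker was copied into the directory store too
DIRECTORY_FIXED = "\n".join(FLAT.splitlines()[:2]) + "\n"

if __name__ == "__main__":
    for label, text, literal in [("flat file", FLAT, False),
                                 ("directory (before)", DIRECTORY_BAD, True),
                                 ("directory (after)", DIRECTORY_FIXED, True)]:
        print(label, audit(text, literal))
    print("drift:", drift(FLAT, DIRECTORY_FIXED))
```

The `drift` result is the maintenance cost the post points out: once the marker lives only in the flat file, the two copies are no longer identical and have to be tracked separately.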

These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Marcel Waldvogel and Netfuture.ch.