Password Files and Namespace Security
For security reasons:
-
It is best to limit access to the NIS maps on the master server.
-
The files used to build the NIS password maps should not contain an entry for root to protect against unauthorized access. To accomplish this, the password files used to build the password maps should have the root entry removed from them and be located in a directory other than the master server's /etc directory. This directory should be secured against unauthorized access.
For example, the master server password input files could be stored in a directory such as /var/yp, or any directory of your choice, as long as the file itself is not a link to another file and is specified in the Makefile. The /usr/lib/netsvc/yp/ypstart script automatically sets the correct directory option according to the configuration specified in your Makefile.
Note -
In addition to the older Solaris 1.x version passwd file format, this implementation of NIS accepts the Solaris Release 2 passwd and shadow file formats as input for building the NIS password maps.
- © 2010, Oracle Corporation and/or its affiliates