The administrative files within an NIS domain are NIS maps, which are
dbm
-format files that you generate from existing configuration files
such as /etc/passwd
, /etc/shadow
, and
/etc/groups
. Each map is indexed on one field, and records are
retrieved by specifying a value from that field. Some source files such as
/etc/passwd
have two maps:
passwd.byname
Indexed on user name.
passwd.byuid
Indexed on user ID.
The /var/yp/nicknames
file contains a list of commonly used short
names for maps such as passwd
for passwd.byname
and
group
for group.byname
.
You can use the ypcat command to display the contents of an NIS map, for example:
# ypcat - passwd | grep 500
guest:$6$gMIxsr3W$LaAo...6EE6sdsFPI2mdm7/NEm0:500:500::/nethome/guest:/bin/bash
As the ypcat command displays password hashes to any user, this example demonstrates that NIS authentication is inherently insecure against password-hash cracking programs. If you use Kerberos authentication, you can configure password hashes not to appear in NIS maps, although other information that ypcat displays could also be useful to an attacker.
For more information, see the ypcat(1)
manual page.