
Working With Oracle® Solaris 11.3 Directory and Naming Services: DNS and NIS


Updated: October 2017
 
 

Name Service Switch and Password Information

You can include and access password information in multiple repositories, such as files and nis. Use the config/password property in the name service switch to establish the lookup order for password information.


Note - Make files the first source in the name service switch for passwd information to help prevent a denial of service (DoS) attack on the system.

In an NIS environment, the config/password property in the name service switch must list the repositories in the following order:

config/password  astring             "files nis"

Listing files first allows the root user to log in under most circumstances, even when the system encounters some network or naming service issues.

Do not maintain multiple repositories for the same user. In most cases, the naming service looks up and returns the first definition only. Duplicate entries usually mask security problems.

For example, if the same user exists in both files and the network repository, one login ID is used over the other, depending on the config/password setting in the name-service/switch configuration. The first matched ID for a given system becomes the ID used for the login session. If an ID is in both files and the network repository, and the network repository has been disabled for security reasons, then any system where the ID resides and is accessed before the network ID is disabled might now be insecure and vulnerable to unwanted access.
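
The two rules above (files listed first, no user defined in more than one repository) can be checked with a short script. This is an added example, not part of the Oracle guide: the function names files_first and dup_users are hypothetical, the sample passwd data is constructed, and the live-system commands in the comments are an assumed way to feed it.

```shell
#!/bin/sh
# Added example (not from the Oracle guide). All sample data below is constructed.

# files_first: reads "svccfg ... listprop config/password" output on stdin and
# succeeds only when the first source listed is "files".
files_first() {
    awk '$1 == "config/password" { v = $3; gsub(/"/, "", v); seen = 1; ok = (v == "files") }
         END { exit ((seen && ok) ? 0 : 1) }'
}

# dup_users LOCAL NIS: prints every login name defined in both passwd-format
# files, with the UID from each, so masked or conflicting entries are visible.
dup_users() {
    awk -F: 'FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^[+#-]/) uid[$1] = $3; next }
             ($1 in uid) { printf "%s files_uid=%s nis_uid=%s\n", $1, uid[$1], $3 }' "$1" "$2"
}

# Constructed sample input: a local passwd file and a dump of the NIS passwd map.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:Super-User:/root:/usr/bin/bash
alice:x:1001:10:Alice (local copy):/export/home/alice:/usr/bin/bash
EOF
    cat > "$tmp/nis" <<'EOF'
alice:x:2001:10:Alice (NIS):/home/alice:/usr/bin/bash
bob:x:2002:10:Bob (NIS):/home/bob:/usr/bin/bash
EOF
    dup_users "$tmp/local" "$tmp/nis"
    rm -rf "$tmp"
}

# On a live system (assumed invocation):
#   svccfg -s name-service/switch listprop config/password | files_first
#   ypcat passwd > /tmp/nis_passwd && dup_users /etc/passwd /tmp/nis_passwd
demo
```

Any line that dup_users prints is an account to consolidate into a single repository; differing UIDs show that the two definitions are not interchangeable.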