On Wed, Sep 19, 2001 at 12:18:32PM -0500, Munir Nassar wrote: > also concerning NIS and shadows is that root on any machine(does not have to be yours) connected to the network can retrieve the hashed shadow file over NIS. a very grave security flaw. Perhaps, but it's necessary. If root at randombox can't retrieve the shadow map, how is randombox supposed to do NIS login authentication? If this is something that poses a problem for you, use /etc/ypserv.securenets to restrict the IP address ranges that are allowed to access your NIS maps. -- With the arrest of Dimitry Sklyarov it has become apparent that it is not safe for non US software engineers to visit the United States. - Alan Cox "To prevent unauthorized reading..." - Adobe eBook reader license