System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Previous Next

Password Files and Namespace Security

For security reasons, follow these guidelines.

  • It is best to limit access to the NIS maps on the master server.

  • The files used to build the NIS password maps should not contain an entry for root to protect against unauthorized access. To accomplish this, the password files used to build the password maps should have the root entry removed from them and be located in a directory other than the master server's /etc directory. This directory should be secured against unauthorized access.

For example, the master server password input files could be stored in a directory such as /var/yp, or any directory of your choice, as long as the file itself is not a link to another file and is specified in the Makefile. When you use either the Service Management Facility or the ypstart script to start the NIS service, the correct directory option is set according to the configuration specified in your Makefile.


Note - In addition to the older Solaris 1 version passwd file format, this implementation of NIS accepts the Solaris 2 passwd and shadow file formats as input for building the NIS password maps.


Previous Next