Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security Configuration Settings?

from [Lupe Christoph] Network Security [Permanent Link]
Subject: Re: Security Configuration Settings?
Date: Thu, 23 Sep 2004 11:04:19 +0200 
On Tuesday, 2004-09-21 at 13:34:33 -0000, El C0chin0 wrote:


I don't understand and haven't been able to find anything related to what 
describes 'compat'.  Can any one provide me with why it is a good measure to 
change this from 'files' to 'compat' and what other changes may be necessary 
or what exactly is the difference?


Please keep your lines to 72~80 chars.

Do a "man nsswitch.conf", search for compat:

     compat                   Valid only for passwd and  group;
                              implements   "+"   and  "-".  See
                              Interaction with +/- syntax.

  Interaction with +/- syntax
     Releases prior to SunOS 5.0 did not have  the  name  service
     switch  but  did  allow  the  user  some  policy control. In
     /etc/passwd  one  could  have  entries  of  the  form  +user
     (include  the  specified user from NIS passwd.byname), -user
     (exclude the specified  user)  and  +  (include  everything,
     except  excluded users, from NIS passwd.byname). The desired
     behavior was often  "everything  in  the  file  followed  by
     everything  in NIS", expressed by a solitary + at the end of
     /etc/passwd. The switch provides  an  alternative  for  this
     case  ("passwd:  files nis") that does not require + entries
     in /etc/passwd and /etc/shadow (the latter is a new addition
     to SunOS 5.0, see shadow(4)).

     If this is not sufficient, the NIS/YP  compatibility  source
     provides  full  +/-  semantics.  It  reads  /etc/passwd  for
     getpwnam(3C)  functions  and  /etc/shadow  for  getspnam(3C)
     functions and, if it finds +/- entries, invokes an appropri-
     ate source. By default, the source is "nis", but this may be
     overridden  by  specifying "nisplus" or "ldap" as the source
     for the pseudo-database passwd_compat.

     Note that for every /etc/passwd entry,  there  should  be  a
     corresponding entry in the /etc/shadow file.

     The NIS/YP  compatibility  source  also  provides  full  +/-
     semantics   for   group;  the  relevant  pseudo-database  is
     group_compat.

HTH,
Lupe Christoph

-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security Configuration Settings?, Marek Antozi
Next by Date:  Re: Security Configuration Settings?, Eric Forgette
Previous by Thread:  Re: Security Configuration Settings?, Marek Antozi
Next by Thread:  Re: Security Configuration Settings?, James Lick
Indexes:  [Date] [Thread] [Top] [All Lists]