From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: tuhs-bounces@minnie.tuhs.org
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.9 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	HTML_MESSAGE,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,SUBJ_ALL_CAPS
	autolearn=no autolearn_force=no version=3.4.2
Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53])
	by inbox.vuxu.org (OpenSMTPD) with ESMTP id c1b03008
	for <ml@inbox.vuxu.org>;
	Tue, 6 Nov 2018 00:31:33 +0000 (UTC)
Received: by minnie.tuhs.org (Postfix, from userid 112)
	id 2E24BA2309; Tue,  6 Nov 2018 10:31:32 +1000 (AEST)
Received: from minnie.tuhs.org (localhost [127.0.0.1])
	by minnie.tuhs.org (Postfix) with ESMTP id 13473A215E;
	Tue,  6 Nov 2018 10:30:51 +1000 (AEST)
Received: by minnie.tuhs.org (Postfix, from userid 112)
 id 41235A216B; Tue,  6 Nov 2018 08:43:59 +1000 (AEST)
Received: from p3plsmtpa09-01.prod.phx3.secureserver.net
 (p3plsmtpa09-01.prod.phx3.secureserver.net [173.201.193.230])
 by minnie.tuhs.org (Postfix) with ESMTPS id C818CA215E
 for <tuhs@minnie.tuhs.org>; Tue,  6 Nov 2018 08:43:58 +1000 (AEST)
Received: from medusa.kilonet.net ([72.69.11.12]) by :SMTPAUTH: with ESMTPA
 id JnbBgvRcPnmF8JnbBgZNzO; Mon, 05 Nov 2018 15:43:57 -0700
Received: from [199.89.231.101] (ender.kilonet.net [199.89.231.101])
 by medusa.kilonet.net (8.14.8/8.15.1) with ESMTP id wA5MhvXp022530
 for <tuhs@minnie.tuhs.org>; Mon, 5 Nov 2018 17:43:57 -0500 (EST)
To: tuhs@minnie.tuhs.org
References: <f99e4c98-d584-d823-a581-0d6c3b9c3420@spamtrap.tnetconsulting.net>
 <alpine.DEB.2.20.1811051132410.13752@mira.opentrend.net>
 <c710dafc-9edc-cd29-3aeb-dc0fa6badeff@spamtrap.tnetconsulting.net>
 <CAPWNY8WqB0fO=a_sNq5NezO7xh3-c4iO3gyoFUZXk5e7=v179w@mail.gmail.com>
 <3837fab8-05c2-4483-149e-07df4f69fcde@kilonet.net>
 <cf4ed0fd-e2d1-4b5d-0514-5500efb6f3f5@spamtrap.tnetconsulting.net>
From: Arthur Krewat <krewat@kilonet.net>
Message-ID: <53d47030-c120-bb51-00f2-20f0fc2c2d77@kilonet.net>
Date: Mon, 5 Nov 2018 17:43:53 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <cf4ed0fd-e2d1-4b5d-0514-5500efb6f3f5@spamtrap.tnetconsulting.net>
Content-Type: multipart/alternative;
 boundary="------------A50350ABA25B2A4BC2B17336"
Content-Language: en-US
X-CMAE-Envelope: MS4wfAGjeLJfHx3XbvgQBNuOfbs8VwnNdc+1K9XLv93o3PW9ZrnMyS9uNb7l+e6yQuoHb7w2vZmrxBkn6wSswuEgCLv4SGsMl2I3mZ4WhGdF2iOvfvuPI+CS
 i/CEs9Wuq3UI+TdGf+7DPatj3GIFxGO3vP9fEaR1g6sVURFUz4wclN5E
Subject: Re: [TUHS] YP / NIS / NIS+ / LDAP
X-BeenThere: tuhs@minnie.tuhs.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: The Unix Heritage Society mailing list <tuhs.minnie.tuhs.org>
List-Unsubscribe: <https://minnie.tuhs.org/cgi-bin/mailman/options/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=unsubscribe>
List-Archive: <http://minnie.tuhs.org/pipermail/tuhs/>
List-Post: <mailto:tuhs@minnie.tuhs.org>
List-Help: <mailto:tuhs-request@minnie.tuhs.org?subject=help>
List-Subscribe: <https://minnie.tuhs.org/cgi-bin/mailman/listinfo/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=subscribe>
Errors-To: tuhs-bounces@minnie.tuhs.org
Sender: "TUHS" <tuhs-bounces@minnie.tuhs.org>

This is a multi-part message in MIME format.
--------------A50350ABA25B2A4BC2B17336
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

On 11/5/2018 2:32 PM, Grant Taylor via TUHS wrote:
>
>> NIS+ was encrypted over the network, and needed a public key 
>> mechanism to authenticate clients. One of which was the server 
>> itself. With it's hierarchical architecture, it had a lot of 
>> flexibility.
>
> The encryption would thwart snooping.  But it doesn't sound like that 
> would prevent a properly authenticated client from ypcating too much 
> information.
Unless someone already replied and I didn't read it yet:

NIS/YP is different than NIS+. NIS/YP is the old protocol. You could 
basically bind to any server with the correct domain name, and look at 
all the maps including passwd with it's encrypted passwords.

NIS+ is the hierarchical, encrypted, clients-need-keys, protocol.

Almost two entirely different things. And "almost" is more like 
99.99999999999999999% different :)

ak

--------------A50350ABA25B2A4BC2B17336
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    On 11/5/2018 2:32 PM, Grant Taylor via TUHS wrote:<br>
    <blockquote type="cite"
cite="mid:cf4ed0fd-e2d1-4b5d-0514-5500efb6f3f5@spamtrap.tnetconsulting.net"><br>
      <blockquote type="cite" style="color: #000000;">NIS+ was encrypted
        over the network, and needed a public key mechanism to
        authenticate clients. One of which was the server itself. With
        it's hierarchical architecture, it had a lot of flexibility.
        <br>
      </blockquote>
      <br>
      The encryption would thwart snooping.  But it doesn't sound like
      that would prevent a properly authenticated client from ypcating
      too much information.
      <br>
    </blockquote>
    Unless someone already replied and I didn't read it yet:<br>
    <br>
    NIS/YP is different than NIS+. NIS/YP is the old protocol. You could
    basically bind to any server with the correct domain name, and look
    at all the maps including passwd with it's encrypted passwords.<br>
    <br>
    NIS+ is the hierarchical, encrypted, clients-need-keys, protocol. <br>
    <br>
    Almost two entirely different things. And "almost" is more like
    99.99999999999999999% different :)<br>
    <br>
    ak<br>
  </body>
</html>

--------------A50350ABA25B2A4BC2B17336--