Hi,
Thanks to all who replied. Looks like I need to search further. Here's
what I've received so far:
First, the original message:
>I've been looking for a way to protect some of our non-public
>files so that some of the more curious folks and techno-crazies will
>only get a screen full of garbage when doing a cat of say, the
>passwd file, including a crypted field instead of a user name.
>Have also looked into a restricted shell but it's really is too
>restrictive and doesn't fit our needs. We'd prefer to do this outside
>of Enhanced Security since there are 1400+ user accounts and it would
>be a major chore to redo all the accounts under Enhanced Security. Not
>enough time, staff, money etc.
>Any ideas on this?
>Our sys-config:
===============
>OSF1 V3.2 214 alpha (DEC Unix) - DEC 3000/600
===================================================
>From hagan_at_oec.com Thu Jul 13 08:24:30 1995
what i would do is this:
* fire up a known secure host (only admins can log in)
this can be almost anything, decstation, alpha,
old SCO box, sun, aix machine, whatever.
* run it as a YP/NIS
* setup the other machines as clients to that one
this will give you very short password
files with the line +: at the end.
* depermit/remove all of the yp client programs (except
ypbind).
This will prevent people from seeing your password
file.
-- craig
=================================================
>From cstrmr_at_staffs.ac.uk Thu Jul 13 08:24:37 1995
There isn't really much hassle associated with switching to Enhanced
Security - maybe a good deal less than you think. All the C2 files are
created for you automatically; the users may moan that they are then
forced to change their passwords next time they log in, but you don't
have to do it for them. The only real hassle may be if you're running
a lot of third party daemons etc., that will need to be modified to
use the C2 database. That's not difficult, once you've done one or
two, just a little time-consuming.
Richard
-----------------------------------
Richard M Rogers
Computing Services
Staffordshire University
Tel. 01785 (+44 1785) 353396
E-mail: R.M.Rogers_at_staffs.ac.uk or cstrmr_at_staffs.ac.uk
==================================================
Yours in chaos,
Robby J. Robinson
Tech Support Specialist
NH Technical College System
r_robins_at_tec.nh.us
Received on Tue Jul 18 1995 - 15:46:56 NZST