>Also, this is totally not true. They have to be >connected to the network, Find unused wall jack, CHECK >know your NIS domain name, If you have access to one machine (even just a user) that is not too hard to get.... CHECK >and_ be spoofing as a machine on your network, >or _directly_ on whatever subnet you've added to your >securenets file. run nmap(even just as a user) on the subnet, find unused IP and you are good to go (who has the time/effort to spend inputting individual IPs into the securenets file?) CHECK I am not bashing NIS, actually i like NIS, but there but as i used it more i found some problems... i am not saying that these problems need fixing because them we would be relying on a microsoft to do it for us... i am just saying that in a Typical Networked Environment one should be warned: Even when using shadows it is not automagically most secure. just more secure. -munir