Hi,

Unfortunately, I'm not an expert on this sort of thing. IP spoofing and NFS seem to have not been overcome yet, so staying up on patches is about all you can do. I like your ideas, but there's that nasty attack. Plus, what happens if your "password server" craps out? Then everyone's locked out of everywhere or you're wide open (I'm not sure which, but it seems like the latter). Yeouch.

When making these decisions here, I decided NFS was a risk I was willing to take for user files, but not system files (of course, I only implemented it 3/4 of the way and now have to go back and finish the job). The functionality was too good for the users to deny it (AKA boss said it's to stay on). NIS was never a risk I was willing to take as it has had zillions of holes since day 1 and I only have a few machines.

My answer was to keep a file with a list of hostnames in it and run something like this (sort of my own NIS):

    #!/bin/csh
    # Prompt once for the root password, then push /etc/passwd to every host.
    echo "Enter password:\c"
    set pwd=$<
    foreach machine (`cat hostfile`)
      # -n turns off auto-login so the scripted "user" command supplies the login
      echo "user root $pwd\nput /etc/passwd /etc/passwd\nquit" | ftp -n $machine
    end

As long as hostfile is up to date, which I use for other things, it takes care of the problem and to attack this, you'd have to be here when it's run. Of course, the ftp vulnerabilities are forcing me to scp, which I haven't done yet, but once this is in place, adding users is a snap. It takes less than a minute to update all machines.

Their home directories are all NFS'd to the same place on each machine, so the password file looks the same on all machines. Not so any longer since I now have Irix, Linux, and winders, but this doesn't pose any insurmountable problems for the script I still need to write. Each OS is self-contained.

Ed
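
Added example, not part of Ed's message: a sketch of the same hostfile-driven push done over scp/ssh, so no root password crosses the wire and a partially transferred file never replaces /etc/passwd. It assumes key-based root SSH access to each host is already set up; the function names and the /etc/passwd.new staging path are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): distribute a passwd file to
# every host in a hostfile over SSH instead of cleartext FTP.
# Assumption: key-based root SSH login to each host is already configured.
SCP=${SCP:-scp}
SSH=${SSH:-ssh}
# BatchMode: never fall back to a password prompt.
# StrictHostKeyChecking: refuse hosts whose key is unknown or has changed.
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10"

# valid_host NAME: accept only hostname characters, so a bad hostfile line
# can never be parsed as an ssh option or as shell syntax.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# push_passwd SRC HOSTFILE: copy SRC to each host as /etc/passwd.new, then
# rename it into place. Prints one status line per host and returns the
# number of hosts that were skipped or failed.
push_passwd() {
    src=$1 hostfile=$2 failed=0
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac      # blank lines, comments
        if ! valid_host "$host"; then
            echo "SKIP $host"; failed=$((failed + 1)); continue
        fi
        # </dev/null keeps scp/ssh from consuming the rest of the hostfile.
        if $SCP -q $SSH_OPTS "$src" "root@$host:/etc/passwd.new" </dev/null &&
           $SSH $SSH_OPTS "root@$host" \
               'chmod 644 /etc/passwd.new && mv /etc/passwd.new /etc/passwd' </dev/null
        then echo "OK $host"
        else echo "FAIL $host"; failed=$((failed + 1))
        fi
    done < "$hostfile"
    return "$failed"
}
```

Call it as push_passwd /etc/passwd hostfile; a non-zero return means at least one host still has the old file and needs a retry.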