Re: NIS/NFS alternatives?
In article <[🔎] 1002296006.26186.2.camel@magnesium.dyndns.org>,
Greg Fischer <gfischer4@mediaone.net> wrote:
>I'm administrating a network of Debian potato machines using NIS/NFS at
>a small high school right now. We're behind a pretty beefy firewall,
>but I still know it's not very secure. I couldn't get LDAP
>authentication working and I only had 2 days to do the whole thing.
>Probably at the end of the year, I am going to upgrade the lab to woody
>(which will hopefully be stable) and reconsider
>filesharing/authentication. I'd like each user to be able to sit down
>at any workstation and be able to access their files. Any ideas?
Well, do you know the background behind this? Why do you think NIS
and NFS are insecure? Because someone told you? Why do you think
LDAP is more secure (without SSL, it's *way less* secure - plaintext
passwords over the wire!).
I wouldn't worry too much about NIS and NFS abuse from the 'outside'-
if you set up both properly that can only be accessed from within
the local network anyway. So it's the local network you should be
worried about,
Do random people have access to the ethernet and can they plug
in their own machines? Do you use hubs or switches? Do users
have root access on their 'own' workstation?
Once you can answer these questions, you can make an informed
decision about what is and what isn't secure.
Mike.
--
Move sig.
Reply to: