[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ldap

local means 'can get shell and/or otherwise get machine to execute stuff we want to execute'

has nothing to do with /etc/passwd, ldap, nis, mysql, or anything. all they need is a hole that allows them to execute something.

--On Wednesday, March 24, 2004 17:48 +0000 mimo <mimo@restoel.net> wrote:

Maybe I'm off topic. WHere do you keep your user accounts at the moment?
are they all local users?
Most exploits and vulnerabilities are local -- they only apply to your
machine if you have (other) local users. So it's more secure to have
"virtual" users via nsswitch / pam /etc and some db (ldap, mysql
There are more reasons - but this is the most compelling one I think.

Michael Moritz

Rod Rodolico wrote:

ok, this is a basic question. I am a small IPP (60 domains, 200 users)
and I see a lot of stuff about ldap. I searched the web and got some
basic info on what it does, but the big question is, how would it be
helpful to me? I also run MySQL services, but mainly the server does
smtp, imap, pop, http and dns (exim, courier, apache and bind). One box,
200 users, is there any reason I should consider dns?

BTW, I also maintain three other web servers for people and use them all
as backup servers (using rsync) for each other, but I guess that is not
part of the issue here.



Please note that this account is being filtered using anti UCE systems.
If you send email to this account make sure that it could not be mistaken
as UCE.

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Michael Loftis
Modwest Sr. Systems Administrator
Powerful, Affordable Web Hosting
GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E

Reply to: