Re: ldap

To: debian-isp@lists.debian.org
Subject: Re: ldap
From: "Rod Rodolico" <stargazer@dailydata.net>
Date: Thu, 25 Mar 2004 11:39:47 -0600 (CST)
Message-id: <[🔎] 28939.68.88.207.146.1080236387.squirrel@client.dailydata.net>
Reply-to: stargazer@dailydata.net
In-reply-to: <[🔎] 4062C53B.1090302@restoel.net>
References: <[🔎] 200403241602.i2OG2BR20880@mail.goodnews.net> <[🔎] 22422.68.88.207.146.1080145517.squirrel@client.dailydata.net> <[🔎] 4061C9E4.6070103@restoel.net> <[🔎] 1031510093.1080154339@d216-220-25-60.dynip.modwest.com> <[🔎] 4062C53B.1090302@restoel.net>

Ok, then I'll just stay with what I want until I put up a mirror server later this year.
Sounds like ldap would help in managing that.

Thanks a lot for all the input.

Rod


> That's true, I hadn't thought of that. Actually it's the disabling of
> user shell access that brings that security. But has nothing to do with
> using db, nsswitch. So the real advantage is distribution (as Fraser
> wrote) and not security.  Sorry Rod, I must have been a bit confused
> yesterday..
>
> Michael
>
> Michael Loftis wrote:
>
>> local means 'can get shell and/or otherwise get machine to execute
>> stuff we want to execute'
>>
>> has nothing to do with /etc/passwd, ldap, nis, mysql, or anything.
>> all they need is a hole that allows them to execute something.
>>
>> --On Wednesday, March 24, 2004 17:48 +0000 mimo <mimo@restoel.net> wrote:
>>
>>> Maybe I'm off topic. WHere do you keep your user accounts at the moment?
>>> are they all local users?
>>> Most exploits and vulnerabilities are local -- they only apply to your
>>> machine if you have (other) local users. So it's more secure to have
>>> "virtual" users via nsswitch / pam /etc and some db (ldap, mysql
>>> preferably).
>>> There are more reasons - but this is the most compelling one I think.
>>>
>>> Michael Moritz
>>>
>>> Rod Rodolico wrote:
>>>
>>>> ok, this is a basic question. I am a small IPP (60 domains, 200 users)
>>>> and I see a lot of stuff about ldap. I searched the web and got some
>>>> basic info on what it does, but the big question is, how would it be
>>>> helpful to me? I also run MySQL services, but mainly the server does
>>>> smtp, imap, pop, http and dns (exim, courier, apache and bind). One
>>>> box,
>>>> 200 users, is there any reason I should consider dns?
>>>>
>>>> BTW, I also maintain three other web servers for people and use them
>>>> all
>>>> as backup servers (using rsync) for each other, but I guess that is not
>>>> part of the issue here.
>>>>
>>>> Thanks,
>>>>
>>>> Rod
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Please note that this account is being filtered using anti UCE systems.
>>> If you send email to this account make sure that it could not be
>>> mistaken
>>> as UCE.
>>>
>>>
>>> --
>>> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
>>> with a subject of "unsubscribe". Trouble? Contact
>>> listmaster@lists.debian.org
>>>
>>>
>>>
>>
>>
>>
>> --
>> Michael Loftis
>> Modwest Sr. Systems Administrator
>> Powerful, Affordable Web Hosting
>> GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
>>
>
>
> --
> Please note that this account is being filtered using anti UCE systems. If you send email to
> this account make sure that it could not be mistaken as UCE.
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>


-- 
Latest survey shows that 3 out of 4 people make up 75% of the world's population.

Reply to:

References:
- Re: Jesus Help Me !
  - From: wagnerc@plebeian.com (Chris Wagner)
- ldap
  - From: "Rod Rodolico" <stargazer@dailydata.net>
- Re: ldap
  - From: mimo <mimo@restoel.net>
- Re: ldap
  - From: Michael Loftis <mloftis@modwest.com>
- Re: ldap
  - From: mimo <mimo@restoel.net>

Prev by Date: RE: Sendmail & access restrictions
Next by Date: Re: Sendmail & access restrictions
Previous by thread: Re: ldap
Next by thread: Re: Re: Jesus Help Me !
Index(es):
- Date
- Thread