Re: NFS, password transparency, and security
On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote:
> Two choices for authentication (passwd + shadow):
> (1) Kerberos
> Never used it. Can't advise you.
I've looked at Kerberos, but at least a cursory glance at leaves the
impressions that it is ridiculously complicated to set up and requires
multiple servers. If someone has used it and can correct me, please do.
> (2) LDAP
> Use LDAP (recompile --with-tls flag) + libpam-ldap + libnss-ldap to do
> the equivalent of NIS but securely.
Without using SSL or Kerberos, would LDAP still be sending passwords
across the net in plain text?
[...]
> Several choices for file sharing:
> (1) NFS + iptables + tcpwrappers
Doing that right now.
> (2) SFS (see sfs-server sfs-client packages and www.fs.net)
> Requires users to authenticate against the file server, also.
> Consider using libpam-sfs (I'm rewriting it as we speak.)
> (3) OpenAFS (see openafs-fileserver + openafs-client)
> Also requirres users to authenticate against the file server, but
> when used in a Kerberos environment, you only have to logon once due
> to Kerberos' ticket-granting system.
Both of these sound very promising. I had heard of AFS before, but not
SFS. I'll have to research them further. I'll probably have even more
questions after that though. :)
> Hope this (probably incomplete) list helps,
Immensely. Thanks for the information.
Rob
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: