Re: NFS, password transparency, and security

To: Rob VanFleet <rvf@linux.wku.edu>
Cc: debian-security@lists.debian.org
Subject: Re: NFS, password transparency, and security
From: tony mancill <tony@mancill.com>
Date: Sun, 7 Apr 2002 21:22:12 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.44.0204072052240.20266-100000@bach>
In-reply-to: <[🔎] 20020407201426.A19814@ece.ubc.ca>

On Sun, 7 Apr 2002, Luca Filipozzi wrote:

> I suspect that if all your boxes are running Debian that your life will
> be made easier by all the Debian kerberos packages.

This is an interesting thread, and this comment just gave me an idea.
What if you use FreeS/WAN (or really, any sort of IPsec)?  It can be set
up in a mode that's called "opportunistic encryption" that will use IPsec
for communication when it's available and allow other traffic to proceed
as normal.  In this way, you won't care if things like LDAP (or even NIS)
pass passwords around in cleartext, just as long as the workstation <->
file-server or authentication server connections are encrypted.  Although
I haven't done it, you should be able to run the server services bound to
a specific IP that is only accessible via clients that have successfully
IPsec-attached.

0.02,
tony

  tony@mancill.com     |  An ounce of perception,
http://www.debian.org  |     a pound of obscure...
                       |        (Peart)

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: NFS, password transparency, and security
  - From: Luca Filipozzi <lfilipoz@debian.org>

References:
- Re: NFS, password transparency, and security
  - From: Luca Filipozzi <lfilipoz@debian.org>

Prev by Date: Re: NFS, password transparency, and security
Next by Date: Re: NFS, password transparency, and security
Previous by thread: Re: NFS, password transparency, and security
Next by thread: Re: NFS, password transparency, and security
Index(es):
- Date
- Thread