
Re: NFS, password transparency, and security



On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote:
> What if you use FreeS/WAN (or really, any sort of IPsec)?  It can be set
> up in a mode that's called "opportunistic encryption" that will use IPsec
> for communication when it's available and allow other traffic to proceed
> as normal.  In this way, you won't care if things like LDAP (or even NIS)
> pass passwords around in cleartext, just as long as the workstation <->
> file-server or authentication server connections are encrypted.  Although
> I haven't done it, you should be able to run the server services bound to
> a specific IP that is only accessible via clients that have successfully
> IPsec-attached.

For the NFS traffic, opportunistic encryption seems like a very
interesting idea.

There's no way I would use libpam-ldap without knowing *for certain*
that it was going over a TLS/SSL connection, however.

Luca

-- 
Luca Filipozzi, Debian Developer
[dpkg] We are the apt. You will be packaged. Comply.
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D

