
Re: About how to protect network resources in LDAP environment?



Zaar Hai wrote:
> On Fri, Aug 27, 2010 at 7:06 PM, Min Wang <ser.basis@gmail.com> wrote:
>> user1 can log in as local root on Linux PC1,
>> Even though as root, user1 cannot rm /home/user2,
>> but he can su - user2 on Linux PC1 then rm something.
> You need NFS4 with gssapi. This way, to access someone's file you need
> appropriate (his) credentials from KDC (which will be hosted near
> by your LDAP server).

Hi,
Thanks. I'm totally a newbie to this NFS4/GSSAPI/Kerberos.

(1) Does this approach prevent user1 -> root (su ->) user2?

(2) Or do we need to change to use Kerberos instead of LDAP/PAM?

(3) And in the Kerberized environment, can the local root su to networked user2?



kind regards

Min Wang
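
The advice quoted above only helps on mounts that actually negotiate a Kerberos security flavor: with `sec=sys` the NFS server trusts whatever UID the client sends, while `sec=krb5`, `krb5i` and `krb5p` require the user's own ticket. The following check is an added example, not part of the original thread; the function name `audit_nfs_sec` and the sample hosts and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag NFS mounts that do not use a Kerberos security flavor.
# Input : lines in /proc/mounts format
#         (device mountpoint fstype options dump pass)
# Output: one line per weak mount, "<mountpoint> <sec flavor>"
# Real use on a client: audit_nfs_sec < /proc/mounts
audit_nfs_sec() {
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in
            nfs|nfs4) ;;          # only NFS mounts are of interest
            *) continue ;;
        esac
        # Pull the sec= value out of the comma-separated option list.
        sec=unspecified
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in sec=*) sec=${o#sec=} ;; esac
        done
        IFS=$old_ifs
        case "$sec" in
            krb5|krb5i|krb5p) ;;  # access needs the user's ticket from the KDC
            *) printf '%s %s\n' "$mnt" "$sec" ;;
        esac
    done
}

# Constructed sample mount table (hypothetical server "filer").
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
filer:/home /home nfs4 rw,relatime,vers=4.0,sec=sys,clientaddr=10.0.0.5 0 0
filer:/proj /proj nfs4 rw,relatime,vers=4.0,sec=krb5p,clientaddr=10.0.0.5 0 0
filer:/scratch /scratch nfs rw,vers=3,addr=10.0.0.9 0 0
EOF
}

sample_mounts | audit_nfs_sec
```

A mount reported as `sys` or `unspecified` is one where file access follows the local UID rather than a Kerberos identity.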

