
Re: Centralized /etc/passwd ?



* Paladin (paladin@paladin.dhis.org) [020624 16:00]:
> On 24 Jun 2002 15:01:47 -0500
> Ron Johnson <ron.l.johnson@cox.net> wrote:
> 
> >  I've heard that NIS isn't very robust.  Might LDAP be a better
> >  choice?  Or is there an important integration between NIS & NFS?
> 
> Funny... I think I've heard something about NFS being kind of
> "old"... I may be wrong though! :/
> 
> NIS & LDAP... I'm on the good track now! Thanks everyone! =)
> 
> BTW, what's more secure? Putting everything in the firewall PC or on

The general answer to this is that it's more secure to keep your
firewall machine as minimal as possible. The less it has on it, the
fewer possible holes there are.

> any other one that's inside the firewall? Another thing (I haven't
> got the time to read the documentation, I'm sorry...), can the root
> account be centralized too?

I don't know about this, but I'd urge that your firewall machine have
nothing to do with it: it should have its own local root account and
(probably) one local user account, and that's all. This is, of course,
idealism, and assumes that you have servers (or at least a server) to
spare. In my home network, I only have one always-on machine, so its
duties are slightly more expanded than the paranoid firewall should be.
Even with just one extra machine, it's easy to make one a stripped-down
firewall-only box and the other your all-serving internal box (which can
also run dmz-type services, such as web, mail, etc. via DNAT).

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"I disapprove of what you say, but I will defend to the death your right
to say it." --Beatrice Hall, The Friends of Voltaire, 1906
