From owner-freebsd-security@FreeBSD.ORG  Tue May 27 12:41:45 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 36EB937B401
	for <FreeBSD-Security@freebsd.org>;
	Tue, 27 May 2003 12:41:45 -0700 (PDT)
Received: from home.ephemeron.org (66-215-220-216.riv-eres.charterpipeline.net
	[66.215.220.216])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D65B43FA3
	for <FreeBSD-Security@freebsd.org>;
	Tue, 27 May 2003 12:41:44 -0700 (PDT)
	(envelope-from bigby@ephemeron.org)
Received: from home.ephemeron.org (localhost [127.0.0.1])
	by home.ephemeron.org (8.12.6/8.12.6) with ESMTP id h4RJfcrO038961;
	Tue, 27 May 2003 12:41:38 -0700 (PDT)
	(envelope-from bigby@ephemeron.org)
Received: from localhost (bigby@localhost)h4RJfcbq038956;
	Tue, 27 May 2003 12:41:38 -0700 (PDT)
X-Authentication-Warning: home.ephemeron.org: bigby owned process doing -bs
Date: Tue, 27 May 2003 12:41:37 -0700 (PDT)
From: Bigby Findrake <bigby@ephemeron.org>
To: Eric Anderson <anderson@centtech.com>
In-Reply-To: <3ED3BE9E.60407@centtech.com>
Message-ID: <Pine.BSF.4.44.0305271240300.15643-100000@home.ephemeron.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: FreeBSD Security <FreeBSD-Security@freebsd.org>
Subject: Re: multihost master.passwd sync
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2003 19:41:45 -0000

On Tue, 27 May 2003, Eric Anderson wrote:

> Andy Harrison wrote:
> >>>>The problem is that while it allows authentication, it doesn't integrate
> >>>>seamlessly allowing you to own files as a user that only exists in the
> >>>>ldap.
> >>>
> >>>Huh?  Explain more please..
> >>
> >
> > I was told that if the user isn't in the passwd file physically, they can't own
> > files on the local server.  I've run into this personally with radius, I can't
> > speak with authority on ldap and pam integration.
>
> Oh, ok.. Well, I *believe* that is incorrect.. Should work fine
> (specially with nss_ldap stuff in FreeBSD-5.1, etc)..

NIS is a perfect example of how users not in the password file can own
files on a machine.


/-------------------------------------------------------------------------/
"I've tried to install this linux crap about nearly five times, but everytime 
it stops with the error message: 'login:'
Fix that immediately or I'll go public with that." -- some random moron

		      http://ephemeron.org:81/~bigby/
		    finger bigby@ephemeron.org for info
/-------------------------------------------------------------------------/