Date: Wed, 07 Nov 2001 20:47:35 -0700 (MST)
From: David Bear
To: security@freebsd.org
Subject: NIS, rsync, and LDAP Re: sharing /etc/passwd

On Wed, 7 Nov 2001, Chris BeHanna wrote:

> On Wed, 7 Nov 2001, David Bear wrote:
>
> > I need to sync /etc/passwd and /etc/group among multiple machines. I was
> > thinking ldap would be a good method but am concerned about
> >
> > 1) the most secure way to do it
> > 2) the most stable
> > 3) things I don't know about this but should...
> >
> > any pointers to man pages/docs would be appreciated.
>
> NIS is the standard way to do this. I dunno if FreeBSD supports
> NIS+, which buys you encryption when the maps are pushed from masters
> to slaves, and for ypbind queries to ypserv (standard NIS does this in
> cleartext).
>

other recommendations include ldap_pam and rsync. Thanks for the suggestions.
I was not even considering NIS because of what I have heard about security issues with it. I live in a completely untrusted network. So, it really needs to be safe. It would be nice to be able to share /etc/passwd between Linux and FreeBSD -- so some layer of abstraction like an ldap_pam would be great. I didn't know ldap pam existed. I'll look into it.

any other pointers?