From owner-freebsd-questions Thu Apr 5 3:26:51 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60])
    by hub.freebsd.org (Postfix) with ESMTP id 6BB3737B443
    for ; Thu, 5 Apr 2001 03:26:48 -0700 (PDT)
    (envelope-from Jan.Grant@bristol.ac.uk)
Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV
    with ESMTP; Thu, 5 Apr 2001 11:26:40 +0100
Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk
    with local-esmtp (Exim 3.16 #1) id 14l6wV-0003rO-00;
    Thu, 05 Apr 2001 11:24:43 +0100
Date: Thu, 5 Apr 2001 11:24:42 +0100 (BST)
From: Jan Grant
To: Ted Mittelstaedt
Cc: freebsd-questions
Subject: RE: SSHD Problems...
In-Reply-To: <000701c0bd93$f3a6a200$1401a8c0@tedm.placo.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 4 Apr 2001, Ted Mittelstaedt wrote:

> This is a shame because
> the entire UNIX philosophy is one of simplicity is beauty. (or
> at least _was_)

Nope, it _was_ "keep it simple rather than right" or even "how do we get
this thing to run space war?" :-)

> [The 'security people'] are already well on the way to
> making OpenBSD into a BSD UNIX that is impossible for ordinary
> people to use, and FreeBSD is next on the list.

You raise an important point, and that is that security (and crypto,
even more so) is hard to understand. It's complicated. Unfortunately,
it's likely to stay that way too, for quite some time. There is no
crypto conspiracy, however.

> Lest you laugh, let me point out that besides ssh, kerberos, pam,
> login levels and all this security crap that has been developed,
> there has been an enormous amount of OTHER non-security UNIX software
> that has been developed in the last 5 years. However, things like
> apache are still NOT standard items in a FreeBSD install, they are
> add-on, because people recognize that they are additional things that
> are not needed in all FreeBSD installs.

The difference here is that PAM and login levels are part of the base
system because they need integration at that level. Kerberos and ssh are
system utilities that can be built on top, true. I'm less convinced of
the necessity of kerberos (it needs a lot of in-depth understanding to
get right, like most sysadmin tasks) but ssh is becoming a requirement.
I'd rather have it maintained and built as part of my buildworld cycle,
though, than have to look after it myself.

> Yet, all the security stuff
> _is_ deemed absolutely critical

It's becoming so in this day and age. Sysadmin is about understanding
your environment and setting up your systems appropriately. If you don't
need it, turn it off.

> Don't you see a disconnection from reality
> here?

Uhh, yeah, but probably not the same one that you do. Chill.

jan

PS. I can't believe I just said "chill". Yech.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
If it's broken really badly - don't fix it either.