From owner-freebsd-security  Thu Nov  8  3: 1:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-168.zoominternet.net [24.154.28.168])
	by hub.freebsd.org (Postfix) with ESMTP id 0818937B421
	for <security@freebsd.org>; Thu,  8 Nov 2001 03:01:20 -0800 (PST)
Received: from topperwein.dyndns.org (topperwein.dyndns.org [192.168.168.10])
	by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id fA8B1hF29236
	for <security@freebsd.org>; Thu, 8 Nov 2001 06:01:43 -0500 (EST)
	(envelope-from behanna@zbzoom.net)
Date: Thu, 8 Nov 2001 06:01:38 -0500 (EST)
From: Chris BeHanna <behanna@zbzoom.net>
Reply-To: Chris BeHanna <behanna@zbzoom.net>
To: <security@freebsd.org>
Subject: Re: NIS, rsync, and LDAP Re: sharing /etc/passwd
In-Reply-To: <20011107211926.A28670@hq.newdream.net>
Message-ID: <20011108060035.E29102-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 7 Nov 2001, Will Yardley wrote:

> Jim Flowers wrote:
>
> > > It would be nice to be able to share /etc/passwd between Linux and
> > > Freebsd -- so some layer of abstraction like an ldap_pam would be
> > > great.  I didn't know ldap pam existed.  I'll look into it.
>
> > An advantage of Kerberos, perhaps?
>
> we use the same database for multiple platforms by storing everything in
> a mysql database and then using a perl script to create the password
> files and push them onto the machines (and create the passwd db files
> for freebsd of course).
>
> perhaps not as elegant or complicated as ldap or kerberos, but it is
> pretty effective, and pretty secure since scp is used to copy the files
> from the controller machines.

    This sounds pretty cool, although you should go to the dsniff home
page and read what the guy has to say about defeating ssh/scp.

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message