Date: Fri, 6 Apr 2001 01:07:11 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Ben" <ben@stonehenge-net.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: SSHD Problems...
Message-ID: <001c01c0be70$956f7c60$1401a8c0@tedm.placo.com>
In-Reply-To: <3ACD6932.A654FB@stonehenge-net.com>

Why is it wrong/bad to use Apache? Why is it wrong/bad to use HylaFAX?

The answer is, it's not. Neither is it wrong/bad to be more secure.

But, Apache and HylaFAX are not forced on you by being installed and
activated by default in sysinstall, as part of the FreeBSD installation
program.

Why do I want them shut off? Well, in the case of sshd, I don't mind that
it's there or available, but I do mind that when I install a fresh FreeBSD
copy on a slower machine that on initial boot, the system is frozen for
several minutes while it's generating keys for something that I won't use.
Very sloppy.

As far as MD5 passwords go, that's a lot more serious. In one net I use a
mix of Solaris and FreeBSD. The Solaris I use won't read MD5 passwords. If
I allow the FreeBSD system to start encrypting passwords based on MD5, then
I'll never ever be able to copy the password file from FreeBSD to a Solaris
box ever again.

It's one thing to repair a software defect that creates a security hole in
FreeBSD (like the named problem). It's another to change around FreeBSD in
a fundamental way just to support someone's pet security system (like
Kerberos does).

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Ben
>Sent: Thursday, April 05, 2001 11:59 PM
>To: Ted Mittelstaedt; freebsd-questions@FreeBSD.ORG
>Subject: Re: SSHD Problems...
>
>
>ok, i'll bite. why is it wrong/bad to be more secure? you keep saying that
>you don't want security features on your machine... why not? why do you turn
>them off? how are they in your way?
>
>Ted Mittelstaedt wrote:
>
>> There's nothing wrong with adding ssh, pam, Kerberos, tcpwrappers, yadda,
>> yadda, yadda into FreeBSD. But, there's something VERY wrong when all that
>> crap is switched ON by default, and after I install FreeBSD I have to waste
>> many minutes switching it off. I also didn't appreciate the automatic
>> assumption that all FreeBSD installers _want_ MD5 encrypted passwords, the
>> change of which was made some time ago.
>>
>> Let all the people that want all the security features switched on go
>> to the trouble of turning them on.
>>
>> Ted Mittelstaedt                      tedm@toybox.placo.com
>> Author of:          The FreeBSD Corporate Networker's Guide
>> Book website:         http://www.freebsd-corp-net-guide.com
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message