From owner-freebsd-security Thu Apr 11 15:59:17 2002
Delivered-To: freebsd-security@freebsd.org
Message-ID: <033b01c1e1ac$73111b50$880aa8c0@lancetest.com>
From: "Lance Uyehara"
To: "Benjamin Krueger" , "Roger Marquis"
Cc:
References: <20020411081813.H55087-100000@roble.com> <20020411153018.A9962@rain.macguire.net>
Subject: Re: Centralized authentication
Date: Thu, 11 Apr 2002 15:58:52 -0700

> * Roger Marquis (marquis@roble.com) [020411 08:26]:
> > faSty wrote:
> > >I dont see any NIS or NIS+ on handbook. I tried setup the NIS+
> > >and I am not experience with these feature. anyone can point
> > >where the HOWTO NIS or NIS+?
> >
> > Try a web search (via Google or any other search engine). I found
> > several good links from a query using "nis" and "howto". There's
> > also 'man -k yp' or, more specifically `man -k yp|grep ^yp'.
> >
> > `man ypinit` might be a good place to start.
> >
> > --
> > Roger Marquis
> > Roble Systems Consulting
> > http://www.roble.com/
>
> Folks following this discussion might also be interested in the following
> article which describes a mechanism for authenticating unix clients in an
> Active Directory environment.
>
> http://online.securityfocus.com/infocus/1563

If you are going to use LDAP + AD for authentication, AD does not send back
the user password in any form. So you can not use anonymous, or rootdn/rootpw
for your bind. You must use the cn or samAccountName + the user password.

Normal LDAP (port 389) will send the password in the clear, so to effectively
use this you must use LDAPS (port 636).

-Lance
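
Added example (not part of the message above or of the referenced article): a standard-library sketch of the bind-as-the-user check over LDAPS. It builds the LDAPv3 simple BindRequest by hand to show that the password travels verbatim in the PDU, which is why the connection must be wrapped in TLS. The function names, host and bind name are hypothetical; the empty-password guard is an added caveat, since a simple bind with an empty password is an unauthenticated bind that a server may answer with success.

```python
import socket
import ssl

def ber_len(n):
    if n < 0x80:                                  # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body       # long form

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def simple_bind_request(bind_name, password, message_id=1):
    """LDAPv3 BindRequest with simple authentication (message_id < 128)."""
    bind = tlv(0x60,                                     # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                        # version 3
               + tlv(0x04, bind_name.encode("utf-8"))    # name: the user's own entry
               + tlv(0x80, password.encode("utf-8")))    # [0] simple: raw password bytes
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                             # long form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(response):
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    _, msg, _ = read_tlv(response)                # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)                     # messageID
    tag, op, _ = read_tlv(msg, pos)               # protocolOp
    if tag != 0x61:                               # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = read_tlv(op)                     # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def ldaps_bind(host, bind_name, password, port=636):
    """True if the directory accepts this user's password over LDAPS."""
    if not password:
        raise ValueError("empty password would be an unauthenticated bind")
    ctx = ssl.create_default_context()            # verifies certificate and hostname
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(simple_bind_request(bind_name, password))
            return bind_result_code(tls.recv(4096)) == 0   # response fits one read
```
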