From: "Crist J. Clark"
Reply-To: cjclark@home.com
Message-Id: <199912140429.XAA75895@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: Merging 2 servers?
In-Reply-To: <87ln6ydzul.fsf@main.wgaf.net> from Arcady Genkin at "Dec 13, 1999 09:24:02 pm"
To: a.genkin@utoronto.ca (Arcady Genkin)
Cc: freebsd-questions@FreeBSD.ORG
Date: Mon, 13 Dec 1999 23:29:20 -0500 (EST)

Arcady Genkin wrote,
> "Crist J. Clark" writes:
>
> > Before you even consider NIS or NFS, I think you need to think about
> > your security model. I would guess every student in the building does
> > not physically use these machines, but rather there is some LAN the
> > teachers and students connect to? With NIS/NFS, if one host on the
> > network is compromised... Game over. Or if some bright pre-teen brings
> > in a laptop and plugs it in to the LAN, they gotcha. Want students to
> > be able to read each others' mail or *gasp* the teachers' mail and
> > files? (And do you really trust all of those teachers too? ;)
>
> Could you elaborate on how a kid with a laptop would be able to
> compromise the above setup?

Well, we all know NFS _really_ stands for No F***ing Security, right?
Information is transferred unencrypted and authentication is by IP
address alone. Anyone who can sniff the LAN and spoof IP packets can
have their way with you. So... anyone with a laptop that can plug into
the LAN can sniff the traffic and see who is talking. From there, spoof
one of the machines that you overheard and the rest is history.

As for NIS? Well, information is transferred unencrypted and
authentication is by IP address alone. Yada-yada... you know the rest.

--
Crist J. Clark                           cjclark@home.com
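
Because the trust described in the message above rests on the source IP address alone, one thing a defender can watch for is an NFS/NIS host's address being claimed by different hardware. The following is an added example, not part of the original message: the sighting-log format, addresses and MAC values are constructed, and the function and variable names are hypothetical.

```python
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "time ip expected_mac seen_mac")

# Constructed inventory: the hosts that NFS exports / NIS access lists trust
# by address, pinned to the hardware address each one is known to use.
PINNED = {
    "192.0.2.10": "00:a0:c9:11:22:33",   # file server (constructed)
    "192.0.2.20": "00:a0:c9:44:55:66",   # staff workstation (constructed)
}

# Constructed sightings, one "<time> <ip> <mac>" per line, as an ARP
# monitor on the LAN might record them.
SAMPLE = """\
09:00:01 192.0.2.10 00:a0:c9:11:22:33
09:00:02 192.0.2.20 00:a0:c9:44:55:66
09:05:10 192.0.2.10 00:a0:c9:11:22:33
10:14:37 192.0.2.20 00:60:97:DE:AD:01
10:14:40 192.0.2.30 00:60:97:de:ad:01
10:15:02 192.0.2.20 00:a0:c9:44:55:66
"""

def find_spoofed_bindings(lines, pinned):
    """Return (alerts, other_ips): every sighting where a pinned address
    appears with unexpected hardware, plus all addresses that hardware
    has used, which helps locate the machine on the network."""
    alerts = []
    ips_by_mac = defaultdict(set)
    for raw in lines:
        fields = raw.split()
        if len(fields) != 3:          # skip blank or malformed lines
            continue
        when, ip, mac = fields[0], fields[1], fields[2].lower()
        ips_by_mac[mac].add(ip)
        expected = pinned.get(ip)
        if expected is not None and mac != expected:
            alerts.append(Alert(when, ip, expected, mac))
    other_ips = {a.seen_mac: sorted(ips_by_mac[a.seen_mac]) for a in alerts}
    return alerts, other_ips

if __name__ == "__main__":
    found, others = find_spoofed_bindings(SAMPLE.splitlines(), PINNED)
    for a in found:
        print(f"{a.time} {a.ip}: expected {a.expected_mac}, saw {a.seen_mac}; "
              f"that MAC also used {others[a.seen_mac]}")
```

A changed MAC is only a hint: a host that also forges the hardware address will not show up here, so this check complements authenticated, encrypted transport rather than replacing it.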