From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 12 07:30:59 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C0C6316A4CE
	for <freebsd-questions@freebsd.org>;
	Mon, 12 Apr 2004 07:30:59 -0700 (PDT)
Received: from smtp.infracaninophile.co.uk
	(happy-idiot-talk.infracaninophile.co.uk [81.2.69.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4E1CB43D31
	for <freebsd-questions@freebsd.org>;
	Mon, 12 Apr 2004 07:30:58 -0700 (PDT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk
	(localhost.infracaninophile.co.uk [IPv6:::1])i3CEUgYT067434
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 12 Apr 2004 15:30:42 +0100 (BST)
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)id i3CEUgoX067433;
	Mon, 12 Apr 2004 15:30:42 +0100 (BST)	(envelope-from matthew)
Date: Mon, 12 Apr 2004 15:30:42 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Bart Silverstrim <bsilver@chrononomicon.com>
Message-ID: <20040412143042.GA67287@happy-idiot-talk.infracaninophile.co.uk>
Mail-Followup-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	Bart Silverstrim <bsilver@chrononomicon.com>,
	FreeBSD Questions <freebsd-questions@freebsd.org>
References: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0"
Content-Disposition: inline
In-Reply-To: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com>
User-Agent: Mutt/1.5.6i
X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Scanned: clamd / ClamAV version devel-20040407, clamav-milter version
	0.70g
cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: OS X and FreeBSD: What could be a good setup
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2004 14:31:00 -0000


--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Apr 08, 2004 at 08:04:35AM -0400, Bart Silverstrim wrote:

> See, this is part of where I was getting a little munged up in trying=20
> to figure out how I want to aim for renetworking my home...
>=20
> I'm looking at using FreeBSD on a server (web, mail, file server) with=20
> OS X, Windows, and probably Linux clients.  I'd like the FreeBSD server=
=20
> to handle authentication, but that may be a pipe dream to accomplish=20
> across platforms easily :-/

Some sort of LDAP + Kerberos setup should do the trick.  You can (in
theory) use Samba 3.0.x as an Active Directory server for the Windows
machines, and all the Unix-oid machines can use pam_krb and nss_ldap
(or whatever the equivalents under MacOS X are).
=20
> For the file serving I was looking at NFS (especially using the NFS=20
> server with Services for Unix under Windows), but the common=20
> cross-platform version may too insecure to use comfortably, especially=20
> with wireless (most of my wireless connections are wrapped in ssh if=20
> they're important anyway).

If you're that worried about WEP not being secure enough, you could
wrap the NFS connections in ipsec instead.  It might have a bit of a
performance impact though.
=20
> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone=20
> able to tell me if CIFS is secure "over the wire".  I seem to recall a=20
> utility that would sniff network packets and if NFS is used, it can=20
> capture the files as they're travelling over the network; can this=20
> happen with CIFS?

No -- Samba would send packets over the wire in clear text, unless
specifically configured to do otherwise.
=20
> I would really rather NOT use mixed protocols to share; NFS for=20
> Linux/OS X, CIFS for Windows...then I'd have increased overhead to=20
> managing permissions, etc...

Actually, if you run your whole system out of the same LDAP directory
structure, you users will have shared credentials over all your
machines.  There shouldn't be any extra work involved in trying to
manage permissions and ownerships.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAeqgSdtESqEQa7a0RAsMvAJ9kNDs3zMqoazAXmhGtimehJGU/WwCfcb8Q
wDAgWlksO9r1F+Q9FWtQdBk=
=Ippz
-----END PGP SIGNATURE-----

--k+w/mQv8wyuph6w0--