Date: Sun, 9 Dec 2001 01:52:40 +0000 (GMT) From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net> To: net@freebsd.org Subject: KRB5 + hacked portmap + ypserv Message-ID: <Pine.LNX.4.20.0112090135280.7839-100000@www.everquick.net>
next in thread | raw e-mail | index | archive | help
Greetings all, I've been looking into running KRB5 and NIS. Alas, portmapped services are somewhat firewall-unfriendly, a la FTP. True, deny-by-default "keeps the bad guys out", but I can think of instances where one might want to allow selected access from specific IP addresses... It also seems logical to combine user/group info with KRB authentication. What about: * Portmapped services can be assigned to static UDP/TCP ports * KRB5 gets to play ypserv. Note that a beneficial side effect would be that we needn't worry about returning the shadow password map... KRB handles auth. It seems to me that a small amount of hacking might yield a single, centralized user management system that is friendly to firewalls. Anything like this exist? Any interest? Eddy P.S. -- I'm an NIS newbie. I'll take no offense if someone says that I need to be larted with a clue-by-four, as long as there's a bit of constructive criticism. :-) --------------------------------------------------------------------------- Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.20.0112090135280.7839-100000>