From owner-freebsd-net Sat Dec 8 17:52:50 2001
Date: Sun, 9 Dec 2001 01:52:40 +0000 (GMT)
From: "E.B. Dreger"
To: net@freebsd.org
Subject: KRB5 + hacked portmap + ypserv

Greetings all,

I've been looking into running KRB5 and NIS. Alas, portmapped services are somewhat firewall-unfriendly, a la FTP. True, deny-by-default "keeps the bad guys out", but I can think of instances where one might want to allow selected access from specific IP addresses...

It also seems logical to combine user/group info with KRB authentication.

What about:

* Portmapped services can be assigned to static UDP/TCP ports

* KRB5 gets to play ypserv. Note that a beneficial side effect would be that we needn't worry about returning the shadow password map... KRB handles auth.

It seems to me that a small amount of hacking might yield a single, centralized user management system that is friendly to firewalls.

Anything like this exist? Any interest?

Eddy

P.S. -- I'm an NIS newbie. I'll take no offense if someone says that I need to be larted with a clue-by-four, as long as there's a bit of constructive criticism. :-)

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------