From owner-freebsd-security@FreeBSD.ORG Tue May 27 11:30:27 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF89237B401 for ; Tue, 27 May 2003 11:30:27 -0700 (PDT) Received: from pan.gwi.net (pan.gwi.net [207.5.128.165]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C58443F3F for ; Tue, 27 May 2003 11:30:27 -0700 (PDT) (envelope-from ah60@httpsite.com) Received: from andy.gwi.net (blake.gwi.net [207.5.142.8]) by pan.gwi.net (8.12.6p2/8.12.6) with ESMTP id h4RIUQEL001489 for ; Tue, 27 May 2003 14:30:26 -0400 (EDT) (envelope-from ah60@httpsite.com) Message-ID: X-Mailer: XFMail 1.5.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200305271413.51090.fbsd@atyantik.net> X-System-Info-OS: FreeBSD 4.8-STABLE #0 X-System-Info-httpd: apache-1.3.27 X-System-Info-WM: windowmaker-0.80.2 X-System-Info-RT: rt-3-0-2 X-System-Info-DB: PostgreSQL-7.3.2 X-System-Info-Perl: v5.8.0 X-Homepage: http://www.nachoz.com X-PGP-Key: RSA-1024 http://www.nachoz.com/andy.pub Date: Tue, 27 May 2003 14:30:41 -0400 (EDT) Sender: aharriso@andy.gwi.net From: Andy Harrison To: freebsd-security@freebsd.org Subject: Re: multihost master.passwd sync X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 May 2003 18:30:28 -0000 -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On 27-May-2003, Amit K. Rao wrote message "Re: multihost master.passwd sync" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > NIS [yp(8)] ? Lord no... even if you setup a backup nis server, an ailing master server can really screw up your day. I think I thought of a solution though. root cronjob to pgp encrypt the file, change perms so that it can be accessed by a user that is allowed to copy the file to the target host. The file is in encrypted using the public key of root the target machine, so only root on the target will be able to pgp extract the file. ~~ Andy Harrison ah##@httpsite.com ICQ: 123472 AIM/Y!: AHinMaine [full headers for details] -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBPtOuz1PEkLgodAWVAQEupQQAhNGfV9yIg7jqM9D3VuPAfHy6XgcC0QnD hPx5J0+uZZy9mpfBGSjn930To+YUFBZp+h/JcfX80rBFdTs+gSXk/olug7EWkhNp 6Uk+HazQeSN7347Rn5Ln0Pcagiv/Ua3zwQuXISJKxmUnHecufkMrOyc9wMtPbDwL xmFl3gzrq38= =HAT1 -----END PGP SIGNATURE-----