Date: Mon, 12 Apr 2004 16:48:11 -0400 From: Bart Silverstrim <bsilver@chrononomicon.com> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: OS X and FreeBSD: What could be a good setup Message-ID: <B64FECE4-8CC2-11D8-8582-000A956D2452@chrononomicon.com> In-Reply-To: <407AEA88.90401@mac.com> References: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com> <407AEA88.90401@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 12, 2004, at 3:14 PM, Chuck Swiger wrote: > Bart Silverstrim wrote: > [ ... ] >> I'm looking at using FreeBSD on a server (web, mail, file server) >> with OS X, Windows, and probably Linux clients. I'd like the FreeBSD >> server to handle authentication, but that may be a pipe dream to >> accomplish across platforms easily :-/ > > LDAP would be the way to go given the platforms you mention, although > NIS would work for everything but Windows and would be much easier to > set up. > I suppose this would leave Windows 9x out of the loop :-) I did see where pGINA was making strides for XP/NT2K, though, to make LDAP authentication simpler... > [ ... ] >> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone >> able to tell me if CIFS is secure "over the wire". I seem to recall >> a utility that would sniff network packets and if NFS is used, it can >> capture the files as they're travelling over the network; can this >> happen with CIFS? > > Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or > an SSH tunnel, pretty much all filesharing protocols are vulnerable to > subnet-local sniffing. Using strong encryption when using wireless is > a fine idea. :-) > VPN would be a little strong to use for client->wap, though, wouldn't it? I have used VPN's for WAP<->WAP bridges, but not for a notebook computer to a WAP. What I HAVE used is SSH, to create a redirected series of ports. That's reasonably simple to open on a notebook. BUT I don't know how (or even *if*) it could be used to redirect CIFS connections. How come NFS got such heavy flak for insecurity when CIFS also transfers in clear text over the wire? Just curious...perhaps it's easier to misconfigure to allow mounts that people didn't mean to mount (although the same could be said of being able to mount C$ without the user on the machine knowing it...) -Bart
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B64FECE4-8CC2-11D8-8582-000A956D2452>