From: Bart Silverstrim
Date: Mon, 12 Apr 2004 16:48:11 -0400
To: FreeBSD Questions
Subject: Re: OS X and FreeBSD: What could be a good setup

On Apr 12, 2004, at 3:14 PM, Chuck Swiger wrote:

> Bart Silverstrim wrote:
> [ ... ]
>> I'm looking at using FreeBSD on a server (web, mail, file server)
>> with OS X, Windows, and probably Linux clients. I'd like the FreeBSD
>> server to handle authentication, but that may be a pipe dream to
>> accomplish across platforms easily :-/
>
> LDAP would be the way to go given the platforms you mention, although
> NIS would work for everything but Windows and would be much easier to
> set up.
>

I suppose this would leave Windows 9x out of the loop :-) I did see where pGINA was making strides for XP/NT2K, though, to make LDAP authentication simpler...

> [ ... ]
>> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone
>> able to tell me if CIFS is secure "over the wire". I seem to recall
>> a utility that would sniff network packets and if NFS is used, it can
>> capture the files as they're travelling over the network; can this
>> happen with CIFS?
>
> Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or
> an SSH tunnel, pretty much all filesharing protocols are vulnerable to
> subnet-local sniffing. Using strong encryption when using wireless is
> a fine idea. :-)
>

VPN would be a little strong to use for client->wap, though, wouldn't it? I have used VPN's for WAP<->WAP bridges, but not for a notebook computer to a WAP.

What I HAVE used is SSH, to create a redirected series of ports. That's reasonably simple to open on a notebook. BUT I don't know how (or even *if*) it could be used to redirect CIFS connections.

How come NFS got such heavy flak for insecurity when CIFS also transfers in clear text over the wire? Just curious...perhaps it's easier to misconfigure to allow mounts that people didn't mean to mount (although the same could be said of being able to mount C$ without the user on the machine knowing it...)

-Bart