From owner-freebsd-questions@FreeBSD.ORG Thu Dec 27 02:10:08 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8157D16A417 for ; Thu, 27 Dec 2007 02:10:08 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net [66.92.78.145]) by mx1.freebsd.org (Postfix) with ESMTP id 4E72213C4DB for ; Thu, 27 Dec 2007 02:10:08 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from Lowell-Desk.lan (Lowell-Desk.lan [172.30.250.6]) by be-well.ilk.org (Postfix) with ESMTP id 9247228430 for ; Wed, 26 Dec 2007 21:10:05 -0500 (EST) Received: by Lowell-Desk.lan (Postfix, from userid 1147) id D11311CCB2; Wed, 26 Dec 2007 21:10:00 -0500 (EST) To: freebsd-questions@freebsd.org References: <54129.66383.qm@web54201.mail.re2.yahoo.com> <44fxxxphbh.fsf@be-well.ilk.org> <20071220195027.GB54762@demeter.hydra> From: Lowell Gilbert Date: Wed, 26 Dec 2007 21:10:00 -0500 In-Reply-To: <20071220195027.GB54762@demeter.hydra> (Chad Perrin's message of "Thu\, 20 Dec 2007 12\:50\:27 -0700") Message-ID: <4463yksxaf.fsf@Lowell-Desk.lan> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: NIS Linux - Ubuntu X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2007 02:10:08 -0000 Chad Perrin writes: > On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote: >> RA Cohen writes: >> >> > I am sorry, here is an addendum to my previous post: >> > >> >>>Somehow Ubuntu was given root user >> > permissions<< >> > >> > Actually, upon rereading my notes, Ubuntu was only given permissions of the user doing the login - not root - but we could login with any valid user apparently FreeBSD thought it was presented with a wildcard password. >> > >> > And I can also verify that FreeBSD clients are able to use the password map when x is used instead of * in the map to represent the password. So I can secure the system using the x but still cannot get Ubuntu clients to authenticate. >> >> Sounds like Ubuntu is using the wrong map, probably one where it's >> getting a different and empty field where it expects to find a password. > > The behavior with an asterisk instead of an X is pretty worrisome, > however, and is not strictly Ubuntu's fault. Security of a server should > not rely on the good will and competence of the client developers. I agree with the latter sentence, but not the former. When using NFS (without Kerberos), it is built into the protocol that the server trusts the client on the UID/GID. That is a good reason not to use NFS in an untrusted environment, but there really isn't anything FreeBSD can do about it.