From owner-cvs-all Wed Sep 23 13:28:58 1998
Return-Path:
Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA08752 for cvs-all-outgoing; Wed, 23 Sep 1998 13:28:58 -0700 (PDT) (envelope-from owner-cvs-all)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA08598 for ; Wed, 23 Sep 1998 13:27:57 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grondar.za (IDENT:czjmo57UYkH3v8hZBrq1ROcYb5D+wPky@localhost [127.0.0.1]) by gratis.grondar.za (8.9.1/8.9.1) with ESMTP id WAA19326 for ; Wed, 23 Sep 1998 22:27:30 +0200 (SAST) (envelope-from mark@grondar.za)
Message-Id: <199809232027.WAA19326@gratis.grondar.za>
To: committers@freebsd.org
Subject: Security and other facilities at WC CDROM - the plan.
Date: Wed, 23 Sep 1998 22:27:29 +0200
From: Mark Murray
Sender: owner-cvs-all@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello folks

With the large number of _very_ distributed users using the FreeBSD machines at WC CDROM, system administration is becoming a nightmare, and as a by-product, security is becoming increasingly difficult to police and manage.

We have had some _nasty_ security scares recently, and it is a matter of time before some jerk _really_ breaks things. WC CDROM is a high-visibility site (So is FreeBSD), and the unwelcome attention of crackers needs to be proactively addressed.

Jordan and Mike (Smith) have asked me to help reduce the system administration burden and improve security, and it is with this that I am now approaching you.

The plan is this:

1) to set up a high-security NIS server which will be the ONLY container of passwd(5) account information for FreeBSD committers.

2) NIS has its own set of security problems, so these maps will not contain user passwords; instead, other more secure systems will be used to provide user authentication:

   a) Those users who use ssh and have set up a no-password login will continue to enjoy that facility.

   b) Users who prefer to use telnet will need to use kerberised telnet. Non-kerberised FTP will cease to work (except for anonymous ftp), and POP will no longer accept your login password (Preferring KPOP or APOP). Kerberos 5 will be used. SSH port forwarding of FTP and POP ports is encouraged.

   c) Users may use One-Time-Passwords (S/Key, OTP, OPIE) for Telnet/FTP/POP. This will be reviewed often, and restrictions may be added later as it opens up the telnet daemon.

   d) rcp/rlogin will break, as we will be using Kerberos 5, and the r-utils standards are not universal enough.

3) User home directories will be auto-mounted to the machine you log into from your (FreeBSD) home dir using AMD. (This is a local mount at WC CDROM, not from your home/work box!)

This is an advance warning of intentions. Action is going to be swift. I request now that you consider any implications that this may have for your preferred connection method, and approach me with suggestions, improvements, concerns and/or questions. Let's get these sorted out NOW.

Because of the "almost-break-ins", we are moving fast.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org