From: Andy Harrison
To: FreeBSD Security
Subject: Re: multihost master.passwd sync
Date: Tue, 27 May 2003 15:10:57 -0400 (EDT)
In-Reply-To: <200305271201.40742.metrol@metrol.net>

On 27-May-2003, Michael Collette wrote message "Re: multihost master.passwd sync"

> Why not just preconfigure SSH keys between the boxes and scp the file across?
> Seems like a lot of extra work to bring PGP into the mix.

Because we don't allow root login remotely, mandated from above.

> Personally, I'm real curious about utilizing an LDAP backend to replace NIS.
> Read a bit about it, but haven't had a chance to play with it just yet. It
> sounds like a far more elegant solution for what you're looking to do as
> well. Assuming it all works as advertised that is.

The problem is that while it allows authentication, it doesn't integrate seamlessly allowing you to own files as a user that only exists in the ldap.

~~
Andy Harrison
ah##@httpsite.com
ICQ: 123472 AIM/Y!: AHinMaine
[full headers for details]