Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Oct 2001 20:34:42 +0200 (CEST)
From:      "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>
To:        <freebsd-questions@freebsd.org>
Subject:   NFS security with HEIMDAL
Message-ID:  <20011008202831.L37736-100000@klima.physik.uni-mainz.de>
next in thread | raw e-mail | index | archive | help 
Dear Sirs.

I need a little bit 'help' from those who use FreeBSD in a wide range
network.

At our institute, FreeBSD is the first choice server system. We have a core
of several servers and a lot of clients, on which other, non-trustable guys
have root access. We need to export several directories from the main
directory server in conjunction with NIS/YP over NFS but this opens many
security holes and riscs, not even on buggy code but in a conceptional
manner. An exported homes-directory in conjunction with NIS/YP opens
each home directory and so far the private area of each user for each
root on the other machines. I hope now to target these problesm with core
elements of FreeBSD, means: NIS/YP, NFS and Kerberos/Heimdal. I need
a mechanism with which I can autheticate root's rights angainst a
database. Well, I must confess that in this manner and in this point of
view I'm a real fool and newbie. If there is someone out here and
very familiar with FreeBSD's Heimdal implementation and/or familiar with
the kind of service aspect I mean I would appreciate any hint, tip or
suggestions in that manner.

Thanks a lot,

Oliver

--
MfG
O. Hartmann

ohartman@klima.physik.uni-mainz.de
----------------------------------------------------------------
IT-Administration des Institutes fuer Physik der Atmosphaere (IPA)
----------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (Maschinenraum)
Tel: +496131/3924144
FAX: +496131/3923532


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011008202831.L37736-100000>