From owner-freebsd-questions Mon Oct 8 11:34:47 2001
Delivered-To: freebsd-questions@freebsd.org
Date: Mon, 8 Oct 2001 20:34:42 +0200 (CEST)
From: "Hartmann, O."
Subject: NFS security with HEIMDAL
Message-ID: <20011008202831.L37736-100000@klima.physik.uni-mainz.de>

Dear Sirs.

I need a little bit of 'help' from those who use FreeBSD in a wide range network. At our institute, FreeBSD is the first choice server system. We have a core of several servers and a lot of clients, on which other, non-trustable guys have root access. We need to export several directories from the main directory server in conjunction with NIS/YP over NFS, but this opens many security holes and risks, not even on buggy code but in a conceptual manner. An exported homes directory in conjunction with NIS/YP opens each home directory, and thus the private area of each user, to each root on the other machines.

I hope now to target these problems with core elements of FreeBSD, that is: NIS/YP, NFS and Kerberos/Heimdal. I need a mechanism with which I can authenticate root's rights against a database. Well, I must confess that in this manner and from this point of view I'm a real fool and newbie.

If there is someone out here who is very familiar with FreeBSD's Heimdal implementation and/or familiar with the kind of service aspect I mean, I would appreciate any hint, tip or suggestion in that manner.

Thanks a lot,
Oliver

--
Kind regards
O. Hartmann
ohartman@klima.physik.uni-mainz.de
----------------------------------------------------------------
IT administration of the Institute for Atmospheric Physics (IPA)
----------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (machine room)
Tel: +496131/3924144
FAX: +496131/3923532