Date: Wed, 5 Jul 100 11:06:10 -0400 From: "Troy Settle" <troy@picus.com> To: "Andy Cowan" <andyc@waverider.net.uk> Cc: <freebsd-isp@FreeBSD.ORG> Subject: RE: Centralised user information Message-ID: <200007051106312.SM01220@durango.picus.com>
next in thread | raw e-mail | index | archive | help
I only briefly experimented with NIS. At the time, I also had concerns about security. I don't know how much good it did, but I blocked the rpc port at my borders to keep intruders out. (perhaps there's other ports that can be blocked out). Honestly, if I had it all to do over again, all my servers would be placed behind a fairly strict firewall, only allowing access to those ports necessary to get the job done, keeping everything else (dialup, routers, and office workstations) on seperate subnets/segments. I never got burned, but I've learned a lot over the last 5 years I've been doing this stuff. G'luck, -Troy ---------- Original Message ---------------------------------- From: "Andy Cowan" <andyc@waverider.net.uk> Date: Wed, 5 Jul 2000 15:07:50 +0100 >> At my last job, we used custom script to distribute an edited >> password file >> to other machines when needed (at 5 minute intervals). Not a perfect >> solution, but it worked well enough. >> > >Which is what we're anticipating doing. As you say, not perfect.... > >> Another option, is to use NIS. See /var/yp/Makefile.dist for details. >> > >I thought there were security concerns with NIS. If not, I'd be happy to use >it. > >A. > >-- >Andy Cowan >Managing Director >Wave Rider Internet Ltd >http://www.waverider.co.uk > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007051106312.SM01220>