From owner-freebsd-isp Wed Jul 5 8: 8:33 2000 Delivered-To: freebsd-isp@freebsd.org Received: from durango.picus.com (durango.picus.com [209.100.20.19]) by hub.freebsd.org (Postfix) with ESMTP id 4009337BF27 for ; Wed, 5 Jul 2000 08:08:29 -0700 (PDT) (envelope-from troy@picus.com) Received: from durango.picus.com [209.100.20.19] by durango.picus.com (SMTPD32-5.05) id AEE2D810218; Wed, 05 Jul 2000 11:06:10 -0400 From: "Troy Settle" Reply-To: "Troy Settle" Date: Wed, 5 Jul 100 11:06:10 -0400 To: "Andy Cowan" Cc: Subject: RE: Centralised user information Message-Id: <200007051106312.SM01220@durango.picus.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I only briefly experimented with NIS. At the time, I also had concerns about security. I don't know how much good it did, but I blocked the rpc port at my borders to keep intruders out. (perhaps there's other ports that can be blocked out). Honestly, if I had it all to do over again, all my servers would be placed behind a fairly strict firewall, only allowing access to those ports necessary to get the job done, keeping everything else (dialup, routers, and office workstations) on seperate subnets/segments. I never got burned, but I've learned a lot over the last 5 years I've been doing this stuff. G'luck, -Troy ---------- Original Message ---------------------------------- From: "Andy Cowan" Date: Wed, 5 Jul 2000 15:07:50 +0100 >> At my last job, we used custom script to distribute an edited >> password file >> to other machines when needed (at 5 minute intervals). Not a perfect >> solution, but it worked well enough. >> > >Which is what we're anticipating doing. As you say, not perfect.... > >> Another option, is to use NIS. See /var/yp/Makefile.dist for details. >> > >I thought there were security concerns with NIS. If not, I'd be happy to use >it. > >A. > >-- >Andy Cowan >Managing Director >Wave Rider Internet Ltd >http://www.waverider.co.uk > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message