Date: Tue, 27 May 2003 21:33:59 +0200 From: Gunnar Flygt <flygt@sr.se> To: Eric Anderson <anderson@centtech.com> Cc: FreeBSD Security <FreeBSD-Security@freebsd.org> Subject: Re: multihost master.passwd sync Message-ID: <20030527193359.GA6125@sr.se> In-Reply-To: <3ED3B6D8.8000103@centtech.com> References: <XFMail.20030527143041.ah60@httpsite.com> <200305271201.40742.metrol@metrol.net> <3ED3B6D8.8000103@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 27, 2003 at 02:04:56PM -0500, Eric Anderson wrote: > Michael Collette wrote: > >On Tuesday 27 May 2003 11:30 am, Andy Harrison wrote: > [..snip..] > >>>NIS [yp(8)] ? > >> > >>Lord no... even if you setup a backup nis server, an ailing master server > >>can really screw up your day. > >> > >>I think I thought of a solution though. root cronjob to pgp encrypt the > >>file, change perms so that it can be accessed by a user that is allowed to > >>copy the file to the target host. The file is in encrypted using the > >>public key of root the target machine, so only root on the target will be > >>able to pgp extract the file. > > > > > >Why not just preconfigure SSH keys between the boxes and scp the file > >across? Seems like a lot of extra work to bring PGP into the mix. > > > >Personally, I'm real curious about utilizing an LDAP backend to replace > >NIS. Read a bit about it, but haven't had a chance to play with it just > >yet. It sounds like a far more elegant solution for what you're looking > >to do as well. Assuming it all works as advertised that is. > > I've started this exact process - replacing my NIS gunk with LDAP.. Not > too far through yet, but I'll try to keep good notes for anyone else who > may want them.. I've installed 5.1-beta on a box that should do nss_ldap, so that I don't have to setup any users directly on that server. The ldap server will be in the corporate network, and the 5.1-RELEASE in a DMZ as ftp-server. I'm interested in all input I can get, to get the whole thing going. > > Eric > > > -- > ------------------------------------------------------------------ > Eric Anderson Systems Administrator Centaur Technology > Attitudes are contagious, is yours worth catching? > ------------------------------------------------------------------ > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Gunnar Flygt OPC Data Sveriges Radio
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030527193359.GA6125>