Date: Wed, 7 Nov 2001 21:01:09 -0800 (PST)
From: Jano Lukac <jedovaty@yahoo.com>
To: security@freebsd.org
Subject: Re: NIS, rsync, and LDAP Re: sharing /etc/passwd
Message-ID: <20011108050109.25500.qmail@web14501.mail.yahoo.com>
In-Reply-To: <Pine.LNX.4.33.0111072043550.24824-100000@moroni.pp.asu.edu>

--- David Bear <David.Bear@asu.edu> wrote:
<snip>
> other recommendations include ldap_pam and rsync.
>
> Thanks for the suggestions. I was not even considering NIS because of
> what I have heard about security issue with it. I live in a completely
> untrusted network. So, it really needs to be safe.
>
> It would be nice to be able to share /etc/passwd between Linux and Freebsd
> -- so some layer of abstraction like an ldap_pam would be great. I didn't
> know ldap pam existed. I'll look into it.

The ldap_pam stuff is cool as it works; it could be considered "secure"
because new implementations of the openldap 2 have connections via ssl,
or you could wrap the old openldap 1 through an stunnel.

But a small warning: I've been working about a month now trying to figure
out how to allow users to change passwords, without luck. I went as far as
setting up an ldap v3 with pam->ldap->sasl->kerberos, no luck.
Additionally, I've recently received word that the openldap c-libs have
memory leaks (unsure how true this is); there are the other ldap libs,
though *shrug*

Which reminds me.. another alternative for secure, remote authentication
without copying passwd/shadow files is through kerberos (unsure about
freebsd support for kerberos).

Jano

>
> any other pointers?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message