Date: 25 Mar 1999 08:35:29 -0500 From: Andrew Hobson <ahobson@eng.mindspring.net> To: freebsd-security@freebsd.org Subject: Re: Kerberos vs SSH Message-ID: <kjzp51u1y6.fsf@computer.eng.mindspring.net> In-Reply-To: Matthew Dillon's message of "Wed, 24 Mar 1999 20:26:12 -0800 (PST)" References: <Pine.GSO.4.10.9903251409300.17330-100000@primrose.isrc.qut.edu.au> <199903250426.UAA68023@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 Mar 1999 20:26:12 -0800 (PST), Matthew Dillon <dillon@apollo.backplane.com> said: > This is what BEST.COM does. We also disallow passworded root > logins except on the console ( even w/ ssh ), and use the > kerberos 'ksu' command to control access to root. This allows > us to configure a crypted root password in the password file > good for logging into the console, but useless if stolen and > decrypted. All other accounts have '*' for their password ( > i.e. ssh+kerberos logins only). How do you handle updating the password files on all machines when you need to add or remove a user? Do you have any automated process? Drew -- begin 644 ahobson@mindspring.com.booby.trap.yes.it.is.gzipped.twice.gz.gz M'XL(`/*U^C`"`Y/OYF!XN?67`1/SVX.,O`P,#(<6V+V7OR#'I\$P"D;!*!@% HHV`4C()1,`I&P2@8!:-@%(P"$'APET'ED<H7!DY;!@`$55!J2`\``$;! ` My God, it's full of stars end To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?kjzp51u1y6.fsf>