NIS, was (FTP & IMAP)

J. Kyllo jkyllo+lug at echospiral.com
Fri Apr 6 10:35:00 PDT 2001 

Speaking of nis...  How hard have you found that to be to set up?  I tried
my hand at it briefly a while ago using the howtos but i couldn't get the
box to authenticat properly with itself (the nis server).

-Jeff

On Fri, 6 Apr 2001, Greg Daly wrote:

> Well, to solve all of this, i'm starting an sftp-only policy on the box.
> That should take care of everyone. :)
> It took me a bit to find out why it wasnt working with NIS but i found the
> switch and it works great. Thanks for the suggestions all.
> -greg
> ----- Original Message -----
> From: "R. David Whitlock" <ryandav at u.washington.edu>
> To: "UW Linux Group" <linux at u.washington.edu>
> Sent: Thursday, April 05, 2001 11:16 PM
> Subject: Re: FTP & IMAP
> 
> 
> > All very true.  All encrypted/non-encrypted channel discussions become
> > moot if you can't trust the daemon serving that service.  Most of the
> > serious security exploits of the last few years use weaknesses that are
> > inherent to the daemon used by the server, instead of relying on
> > well-known weaknesses in the TCP/IP protocols and local traffic
> > restrictions.
> >
> > The flip side of that: large institutions like UW often are hit hardest
> > (or affect more users by sheer numbers) by the more localized exploits
> > like password sniffers on the local subnet (because the majority of users
> > need to learn about the security features available for local traffic
> > encryption.)
> >
> > -David
> >
> >
> > "What you hear isn't necessarily what was said,
> >   what you read isn't necessarily what was written."
> > -Dostoevsky
> >
> > On Thu, 5 Apr 2001, Justin Huff wrote:
> >
> > > Actually, there is a small difference IMHO.
> > > The use of clear text PWs are the end user's  choice (assuming that the
> > > sysadmin allows it). An deamon *should* be secure even if it's not used.
> > > By this I mean that it should be free from remote compromise without
> > > knowing a valid username/PW.
> > >
> > > A decent example is anon ftp.  I'm sorry, I just don't see the need to
> > > encrypt data which is open to everyone.  However, I don't want remote
> root
> > > exploits in that ftp server.
> > >
> > > The converse is also true.  Just because data/PW is encrypted doesn't
> mean
> > > the service is secure in anyway.
> > > --Justin
> > >
> > > On Thu, 05 Apr 2001 17:15:26 marchuk at ee.washington.edu wrote:
> > > > Whats with all this ftpd being secure, its not secure as long as the
> > > > passwords are sent in clear text.  If you are willing to send your
> > > > passwords in clear text then you shouldnt be concerned much about the
> > > > internal security of the program.
> > >
> > >
> >
> >
>

More information about the Linux mailing list