NIS, was (FTP & IMAP)
jkyllo+lug at echospiral.com
Fri Apr 6 10:35:00 PDT 2001
Speaking of nis... How hard have you found that to be to set up? I tried
my hand at it briefly a while ago using the howtos but i couldn't get the
box to authenticat properly with itself (the nis server).
On Fri, 6 Apr 2001, Greg Daly wrote:
> Well, to solve all of this, i'm starting an sftp-only policy on the box.
> That should take care of everyone. :)
> It took me a bit to find out why it wasnt working with NIS but i found the
> switch and it works great. Thanks for the suggestions all.
> ----- Original Message -----
> From: "R. David Whitlock" <ryandav at u.washington.edu>
> To: "UW Linux Group" <linux at u.washington.edu>
> Sent: Thursday, April 05, 2001 11:16 PM
> Subject: Re: FTP & IMAP
> > All very true. All encrypted/non-encrypted channel discussions become
> > moot if you can't trust the daemon serving that service. Most of the
> > serious security exploits of the last few years use weaknesses that are
> > inherent to the daemon used by the server, instead of relying on
> > well-known weaknesses in the TCP/IP protocols and local traffic
> > restrictions.
> > The flip side of that: large institutions like UW often are hit hardest
> > (or affect more users by sheer numbers) by the more localized exploits
> > like password sniffers on the local subnet (because the majority of users
> > need to learn about the security features available for local traffic
> > encryption.)
> > -David
> > "What you hear isn't necessarily what was said,
> > what you read isn't necessarily what was written."
> > -Dostoevsky
> > On Thu, 5 Apr 2001, Justin Huff wrote:
> > > Actually, there is a small difference IMHO.
> > > The use of clear text PWs are the end user's choice (assuming that the
> > > sysadmin allows it). An deamon *should* be secure even if it's not used.
> > > By this I mean that it should be free from remote compromise without
> > > knowing a valid username/PW.
> > >
> > > A decent example is anon ftp. I'm sorry, I just don't see the need to
> > > encrypt data which is open to everyone. However, I don't want remote
> > > exploits in that ftp server.
> > >
> > > The converse is also true. Just because data/PW is encrypted doesn't
> > > the service is secure in anyway.
> > > --Justin
> > >
> > > On Thu, 05 Apr 2001 17:15:26 marchuk at ee.washington.edu wrote:
> > > > Whats with all this ftpd being secure, its not secure as long as the
> > > > passwords are sent in clear text. If you are willing to send your
> > > > passwords in clear text then you shouldnt be concerned much about the
> > > > internal security of the program.
> > >
> > >
More information about the Linux