[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: security issue KDM (OT)
From:       Kuba Ober <kuba () mareimbrium ! org>
Date:       2003-07-30 18:58:08
[Download RAW message or body]

> so KDE is fine, but NIS has got a problem there. IMHO it is very hard to
>   assure this physical integrity that semms to be required. Just plug
> out  the network cable of any machine, plug your laptop with the same IP
> and you are in. this is not acceptable. is there an alternative to nis
> (without this kind of problem).

AFAIK, NIS is only useful to provide user lists to the hosts so that you don't 
have to keep passwd and groups files manually in sync. I wouldn't dare use it 
for authentication of any kind. It's about as secure as NFS2/NFS3. The actual 
authentication  should be done via kerberos, and whatever server-exported 
filesystem is used, its user should be authenticated preferably via a 
kerberos ticket. NFS4, AFS and OpenAFS that support that functionality come 
to mind (about NFS4 I'm not so sure, but it does support decent 
authentication).

Cheers, Kuba
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]