Mailinglist Archive: opensuse (4288 mails)
Re: [SLE] [OT] NIS Security
- From: Alexandr Malusek <Alexandr.Malusek@xxxxxxxxxx>
- Date: 08 May 2002 15:37:12 +0200
- Message-id: <863cx2squv.fsf@xxxxxxxxxxxxxxxxx>
"Guy Van Sanden" <unixuser@xxxxxxxxxxxxx> writes:
> But there's a quickly increasing number of Linux machines. And the
> idea has been raised to bring them into the NIS domain (as users on
> each station should be able to see which other users own certain
> data in ClearCase). The problem is that every Linux-user has root
> on his/her own station. So bringing them into NIS makes it easy for
> them to 'su' to any desired user, and perform actions as that user.
>
> Can this in some way be blocked?

IMHO, it can't. Actually, this was one of the reasons why NIS+ was
developed.

I don't know what the best option is nowadays. I was thinking about
Kerberos but haven't tried it yet. Suggestions are welcomed.

--
Alexandr.Malusek@xxxxxxxxxx