Mailinglist Archive: opensuse (4288 mails)
| < Previous | Next > |
Re: [SLE] [OT] NIS Security
- From: Alexandr Malusek <Alexandr.Malusek@xxxxxxxxxx>
- Date: 08 May 2002 17:35:29 +0200
- Message-id: <86wuuer6ta.fsf@xxxxxxxxxxxxxxxxx>
Thorsten Kukuk <kukuk@xxxxxxx> writes:
> > IMHO, it can't. Actually, this was one of the reasons why NIS+ was
> > developed.
>
> That is not correct. NIS+ can also not prevent root from doing an
> "su - <user>".
Well, I've shortened my ideas too much and it led to confusion. I'm
sorry.
The reason why it cannot be implemented is that no stable SecureNFS
implementation is available for Linux. The only reference I've found
is http://www.cs.vu.nl/~gerco/SecureRPC/. (I wish I'm wrong here.)
The note about NIS+ is not quite appropriate in this context because
SecureNFS can be used with NIS too. I wanted to say that the
distribution of public keys (which are needed by SecureNFS in Sun's
implementation) is handled by NIS+ "automatically". In NIS, the maps
must be created and some other changes must be made by the
administrator in order to get SecureNFS working.
> You cannot solve this with NIS, NIS+ or LDAP.
I fully agree. But the question is what options we have on Linux? I
was thinking about AFS or Arla as distributed file systems and
Kerberos.
--
Alexandr.Malusek@xxxxxxxxxx
> > IMHO, it can't. Actually, this was one of the reasons why NIS+ was
> > developed.
>
> That is not correct. NIS+ can also not prevent root from doing an
> "su - <user>".
Well, I've shortened my ideas too much and it led to confusion. I'm
sorry.
The reason why it cannot be implemented is that no stable SecureNFS
implementation is available for Linux. The only reference I've found
is http://www.cs.vu.nl/~gerco/SecureRPC/. (I wish I'm wrong here.)
The note about NIS+ is not quite appropriate in this context because
SecureNFS can be used with NIS too. I wanted to say that the
distribution of public keys (which are needed by SecureNFS in Sun's
implementation) is handled by NIS+ "automatically". In NIS, the maps
must be created and some other changes must be made by the
administrator in order to get SecureNFS working.
> You cannot solve this with NIS, NIS+ or LDAP.
I fully agree. But the question is what options we have on Linux? I
was thinking about AFS or Arla as distributed file systems and
Kerberos.
--
Alexandr.Malusek@xxxxxxxxxx
| < Previous | Next > |