--- rhoerbe@netpromote.co.at wrote:

A very common setup for a system with remote maintenance is to use SSH for shell access. However, this is insecure, if you keep using ftp and pop for the same account with the same password. My setup is, to use separate accounts for different services. Quite inconvenient, unless you configure different password-dbs for ftp/pop/samba.

Actually, while remote telnet should probably be disabled completely, I find that in most cases it is not so inconvenient to have separate accounts for those users who need ftp (GUEST/chroot'd accounts, of course!). Besides, one might also use scp. A partial solution to the pop database problem is switching to APOP: the only real inconvenience i found is having users adopt a client which supports this authentication method (for Windows, I know Eudora - but NOT Outlook...). As for Samba, well, this is easy: it already has a separate password database (/etc/smbpasswd). One should only remember to enable encrypted password support and add users with "smbpasswd -a". Greetings, Simon. ===== ===================== Dr. Simone Grabstein gsimon@rocketmail.com ===================== __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/