Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: Simone Grabstein <gsimon@xxxxxxxxxxxxxx>
  • Date: Thu, 3 Aug 2000 10:58:23 -0700 (PDT)
  • Message-id: <20000803175823.11682.qmail@xxxxxxxxxxxxxxxxxxxxxx>

--- rhoerbe@xxxxxxxxxxxxxxxx wrote:
> A very common setup for a system with remote
> maintenance is to use SSH for
> shell access. However, this is insecure, if you keep
> using ftp and pop for
> the same account with the same password. My setup
> is, to use separate
> accounts for different services. Quite inconvenient,
> unless you configure
> different password-dbs for ftp/pop/samba.

Actually, while remote telnet should probably be
disabled completely, I find that in most cases it is
not so inconvenient to have separate accounts for
those users who need ftp (GUEST/chroot'd accounts, of
course!). Besides, one might also use scp.

A partial solution to the pop database problem is
switching to APOP: the only real inconvenience i found
is having users adopt a client which supports this
authentication method (for Windows, I know Eudora -
but NOT Outlook...).

As for Samba, well, this is easy: it already has a
separate password database (/etc/smbpasswd). One
should only remember to enable encrypted password
support and add users with "smbpasswd -a".



Dr. Simone Grabstein

Do You Yahoo!?
Kick off your party with Yahoo! Invites.

< Previous Next >