Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: rhoerbe@xxxxxxxxxxxxxxxx
  • Date: Wed, 2 Aug 2000 20:59:45 +0200
  • Message-id: <OF09C39AA2.EF8564EC-ONC125692F.00679C6D@xxxxxxxxxxxxx>
>% - by default, no shell user should be allowed to log in to
ftp/telnet/pop
>% using the same password or at all
>
>Here's what throws me. I understand you to say that the default should
>be for a console-only system. Is that what you meant?? I also don't
>know what you mean by "same password"...

A very common setup for a system with remote maintenance is to use SSH for
shell access. However, this is insecure, if you keep using ftp and pop for
the same account with the same password. My setup is, to use separate
accounts for different services. Quite inconvenient, unless you configure
different password-dbs for ftp/pop/samba. Again, this is considerably more
effort, and I doubt that many admins do this.
Obviously, local access should not be limited.

Rainer


< Previous Next >
Follow Ups