A security flaw question.

Oliver Leitner shadow333 at gmail.com
Sat Jun 4 22:39:55 UTC 2005


akonstam at trinity.edu wrote:

| I have a security question for the group. We have ~50 Linux
| machines that are NIS clients of our server. The idea, as you know,
| is that any of our students can log in to any of the machines and
| have the same home directory and the same passwd.
|
| Ok, now the question. I have been hearing from people about
| security flaws. Well, what about this? A number of our faculty
| have set up their personal machines as NIS clients. It makes it
| easier to get to their class-related files. My feeling is that this
| is a tremendous security hole, since a first important step in
| hacking a machine might be logging in to the machine. Making faculty
| personal machines NIS clients means that any of the 1000 or so
| students can log in to the faculty machine. Does anyone else think
| that this is a bad idea, or am I confused?

Dear akonstam,

I once worked for a company (also in the .edu) that used LDAP-based
network management to steer their users' access to network resources.

I'd rather give LDAP a try than NIS. NIS is outdated, and there are at
least some existing flaws in it that make it possible for a single
client machine to gain other users' permissions (the dot file bug, e.g.).

I'm not sure if these flaws still work, but LDAP is the modern way of
handling such tasks.

Greetings
Oliver Leitner
Technical Staff
http://www.shells.at