NIS/NFS question

Ryan Golhar golharam at umdnj.edu
Thu Jun 30 21:25:03 UTC 2005 

But what if someone just enters in an ip address on their laptop to be
the same as the machine they unplugged...then limiting dhcp to known mac
addresses doesn't work.

I use this to control who my dhcp server gives ip addresses out to, but
that doesn't stop anyone from setting the ip address on their own
laptops...



-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Chiu, PCM (Peter)
Sent: Thursday, June 30, 2005 3:11 AM
To: General Red Hat Linux discussion list
Cc: Chiu, PCM (Peter)
Subject: RE: NIS/NFS question


I suppose a similar approach with iptables, is to
enforce DHCP to known MAC addresses.

Peter

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Wayne Pinette
Sent: 29 June 2005 22:37
To: redhat-list at redhat.com
Subject: NIS/NFS question


I have a question regarding NIS and was wondering if anyone had any
ideas.

We are creating a Linux workstation lab for students.  We have a central
linux box which teh students can ssh into from home. The lab is a place
where they can log in and work on their work.  We are using NIS to
authenticate the workstations and we are nfs mounting the /home
directory.  This is all pretty standard and make sense.  Here is the
problem : 

If a student walks into the lab with their laptop running their
favourite linux to which they have root access, unplugs a workstation,
plugs in their laptop, hardcodes the worksation's ip, sets ups his
laptop to nis authenticate and nfs share just like the workstation, logs
in as root, he can now su to any student id on the system. 
Although I quash root on the nfs share, it does not stop this student
from getting access to any other students (or instructors) material on
the server.  Although my nis server only trusts a small list of 
ip addresses, it's trust is still only based on ip.  Is there a way to
add some sort of certificate trust to nis or some other mechanism to
check against before nis will trust a machine on it network other than
just ip?

Wayner

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list