[4440] in linux-net channel archive
Re: Authentication Server
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Mon Sep 16 15:41:22 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: miquels@drinkel.cistron.nl (Miquel van Smoorenburg)
Date: 16 Sep 1996 10:21:00 +0200
In article <m0v2K9C-0005FbC@lightning.swansea.linux.org.uk>,
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
>> alan>And unusable on any system requiring more than joke level security. Radius
>> alan>is at least vaguely secure. Secure shell and/or kerberos solutions are
>> alan>relatively strong.
>> You have no idea about Linux NIS security. Get the latest NIS package from
>> Miquel. NIS is secure on Linux but certainly a danger on other Unixes.
>
>Time to fetch goodies. If Miquel has managed to beat all the vendors on securing
>NIS then I'm impressed. Somehow I'm also not surprised.
Take it easy, miracles don't exist (I think). I've helped a bit with the
Linux NIS server, and that one now has some more features than the
usual NIS servers. That's all. You can decide on a per-host basis if you
want the password field to be replaced by an 'x', always or only if the
request is from a non-root process (RPC requests always try to bind to
privileged ports, fortunately). Then there's the securenets file as usual.
You _do_ have to configure it before it's reasonably safe, of course.
Most of this was Thorsten Kukuk's work, see also
http://www-vt.uni-paderborn.de/~kukuk/linux/.
>Now does Miquel's stuff
>work with glibc ?
It's just the server stuff. Also glibc has no NIS client code at the moment
AFAIK. I thought that NYS was supposed to be one of the "add-ons" for
glibc, but I haven't followed its development lately.
Now what would be nice is an integrated NIS/RADIUS server and some libc client
code that could authenticate with RADIUS..
Mike.
--
+ Miquel van Smoorenburg + Cistron Internet Services + Living is a |
| miquels@cistron.nl (SP6) | Independent Dutch ISP | horizontal |
+ miquels@drinkel.cistron.nl + http://www.cistron.nl/ + fall +
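
Added example, not part of the original message and not the NIS server's own code: a Python sketch of the decision the post describes, combining a securenets-style allow list with per-host replacement of the password field depending on whether the request came from a privileged source port. The policy names ("always", "nonroot", "never"), the data layout, the function names and all addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed securenets-style allow list: (netmask, network) pairs.
SECURENETS = [("255.255.255.255", "127.0.0.1"),
              ("255.255.255.0", "192.168.10.0")]

# Hypothetical per-host policy table; the most specific match wins.
POLICIES = [(ipaddress.ip_network("192.168.10.0/24"), "nonroot"),
            (ipaddress.ip_network("192.168.10.9/32"), "always"),
            (ipaddress.ip_network("192.168.10.5/32"), "never")]

def allowed(client_ip):
    """True if the client falls inside any securenets entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(f"{net}/{mask}")
               for mask, net in SECURENETS)

def policy_for(client_ip):
    """Longest-prefix match; unknown hosts get the strictest policy."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(net.prefixlen, pol) for net, pol in POLICIES if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else "always"

def serve_passwd_entry(entry, client_ip, src_port):
    """Return the passwd map entry as this client should see it,
    or None if securenets rejects the client outright."""
    if not allowed(client_ip):
        return None
    policy = policy_for(client_ip)
    # A source port below 1024 means the sender could bind a reserved
    # port, i.e. it ran as root on the client host.
    privileged = 0 < src_port < 1024
    if policy == "always" or (policy == "nonroot" and not privileged):
        fields = entry.split(":")
        fields[1] = "x"          # hide the password hash
        return ":".join(fields)
    return entry

# Constructed sample entry (the hash is a placeholder, not real data).
SAMPLE = "alice:PLACEHOLDERHASH:1000:100:Alice:/home/alice:/bin/sh"

if __name__ == "__main__":
    for ip, port in [("10.0.0.1", 600), ("192.168.10.7", 40000),
                     ("192.168.10.7", 800), ("192.168.10.9", 800)]:
        print(ip, port, serve_passwd_entry(SAMPLE, ip, port))
```

The source-port test only shows that the sender was root on its own machine, so the "nonroot" policy is only as strong as the trust placed in every host that securenets admits.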