[405] in Kerberos
information
daemon@TELECOM.MIT.EDU (John Iarocci)
Wed Jun 22 21:19:03 1988
From: John Iarocci <iarocci@ENEEVAX.UMD.EDU>
To: kerberos@ATHENA.MIT.EDU
We've been looking around for an authentication system to replace Yellow Pages.
There are some serious problems with YP and there are some nice features. We
are junking the `hosts' yellow page map and running BIND. Some of the other
maps can be distributed via rdist. This leaves us with access to machines.
We are interested in security both in the account sense and the remote mount
sense. One of the features of Yellow Pages that we would rather like to keep
is the concept of `netgroups'. By using this mechanism, I can have a password
file that looks like this:
root:OaWYiXw/YZLCU:0:10:Eneevax,J-0313,4546849,4548798:/:/bin/csh
daemon:*:1:1:The devil himself,,,,:/:
bin:dWAkTAiH9ZE2s:3:10:System File Owner,,,,:/bin:/bin/csh
news:LD5fc4QzrJ3Ug:7:12:The News System,,,,:/usr/spool/news:/bin/csh
adm:q6J3eGswXEhH2:8:10:Accounts Administrator,,,,:/usr/adm:/bin/csh
mdqs:*:11:10:The Mdqs System,,,,:/usr/lib/mdqs:/bin/csh
guest:*:51:17:The Guest Account--can't log in,,,,:/usr/tmp:/bin/csh
+@Staff::0:0:::
+@EE_Department::0:0:::
+@All::80:10::/usr/local/restrict:/bin/sh
This lets the groups `Staff' and `EE_Department' on the machine in question,
and restricts the group `All' (albeit, in a nonsecure manner).
Please forward any information concerning your kerberos system.
Thank you,
John Iarocci
iarocci@eneevax.umd.edu
College of Engineering
University of Maryland
College Park Campus
College Park, MD 20742
(301) 454 - 1526 (6849)
