[5539] in Kerberos


Re: kerberos, sendmail, passwd

daemon@ATHENA.MIT.EDU (D'n Russler)
Sun Jul 23 12:47:40 1995

Date: Sun, 23 Jul 1995 19:34:51 +0400 (IDT)
From: "D'n Russler" <d_n@jer1.co.il>
To: Joe Beiter <jwb@wilbur.hhisland.com>
Cc: kerberos@MIT.EDU
In-Reply-To: <3uo9kt$bll@wilbur.hhisland.com>

On 21 Jul 1995, Joe Beiter wrote:

> 
> 
> I'm still new at Kerberos so I'm sure this question will be trivial to most
> of you.
> 

Welcome.

> I'm using kerberos to authenticate users dialing into a Xyplex terminal
> server. Our mail system resides on the same system we are using as a 
> kerberos master and primary server.

Not a good idea. As Kerberos keeps the tickets in /tmp, they are publicly
accessible. Better idea, keep the krb server on a machine on the same
network as the main mailserver but that has NO logins (except root, and
possibly a sysadm or sysop).

>                                     I noticed that kerberos also supplies
> a popper server. I *still* need to add my users in *both* kerberos and
> the unix system though right? I mean, the sendmail system is going to look
> at /etc/passwd for a valid mail account....

Yes, you need to add in both, and prompt for both.  You could prob. come up 
with a perl script that, under root, does the double addition more or less
automatically.

BTW, if your system has shadowing -- where the encrypted passwords are kept
in /etc/shadow (or some such) which is permitted 000 -- so ONLY root can read
and modify it -- then by all means use it.
> 
> I would like to get away with just adding them in kerberos and still let
> users receive mail on that system (via pop).
> 

pop connections still need the unix password.

> Any insight or comments would be useful and welcome.
> 
> - JoeB
> 
> -- 
> |:=-@-=:|------|:=-@-=:|------|:=-@-=:|------|:=-@-=:|
> Joe Beiter                   Hargray Telephone Company
> jwb@hargray.com
> 


--*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*--
D'n Russler                          NetMedia (Home of Jerusalem One)
System Administrator               -------------------------------------
d_n@jer1.co.il                     "Information at the Speed of Thought"
........................................................................
           Phone: (02) 795-860          Fax: (02) 793-524
             info@NetMedia.co.il         info@jer1.co.il 
........................................................................
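
The reply above raises two file-permission points: ticket files kept in /tmp, and a shadow file permitted 000. The script below is an added example, not part of the original message, that checks both on a host. The ticket file name patterns `tkt*` and `krb5cc_*` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit ticket files and the shadow file for loose modes.
# Assumption: ticket files are named tkt* or krb5cc_* in the given directory.

# Echo the group/other part of a file's mode string, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed when only the owner has any access to the file.
owner_only() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Print each ticket file in directory $1 that group or other can access.
# Symbolic links and unmatched glob patterns are skipped.
loose_tickets() {
    for f in "$1"/tkt* "$1"/krb5cc_*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        owner_only "$f" || printf '%s\n' "$f"
    done
}

# Succeed when the file has no permission bits set at all (mode 000),
# the setting the reply describes for the shadow file.
mode_000() {
    [ "$(ls -ld -- "$1" | cut -c2-10)" = "---------" ]
}

# Usage: sh audit.sh /tmp /etc/shadow
if [ $# -eq 2 ]; then
    loose_tickets "$1"
    mode_000 "$2" || echo "$2: mode is not 000"
fi
```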


