[366] in Hesiod
Re: secure information?
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Fri Jan 16 23:12:56 1998
Date: Fri, 16 Jan 1998 23:12:02 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Aidan Cully [Staff]" <aidan@panix.com>
Cc: hesiod@MIT.EDU
In-Reply-To: aidan@panix.com's message of Fri, 16 Jan 1998 17:22:48 -0500,
<19980116172248.65321@panix.com>
Date: Fri, 16 Jan 1998 17:22:48 -0500
From: "Aidan Cully [Staff]" <aidan@panix.com>
Just recently started working on using Hesiod for a library I'm building
which will resolve the identity of a user on the other end of a socket
based on incoming origin (e-mail me privately if you're interested.. It
is based on some of my News Gizmo code).. The problem I have right now
is how to restrict access to secure information so that only "good folk"
can get it? I'm talking about stuff like .passwd and .uid entries, .group
entries that we don't want anyone outside of our networks to see. Is
there any way to do this with Hesiod's BIND base, or will I have to screw
with BIND?
BIND is really designed to distribute public data, and the same is true
for Hesiod.
Note that it's also trivially easy to poison the DNS cache with
incorrect data, so be careful before using the .group information to
decide whether or not someone is allowed to actually access some file.
Storing information which is security sensitive in Hesiod really isn't a
wonderful idea... (that's why we use Kerberos to actually do the
authentication, and our NFS servers actually enforce user and group
ownership based on Kerberos authentication. The same is true for AFS,
of course.)
- Ted
