Re: Password Questions

From: Systems Administrator (sysadmin_at_sunet.com.au)
Date: 12/05/03

  • Next message: circut_at_hackthisbox.org: "Re: Password Questions"
    Date: Fri, 5 Dec 2003 12:15:20 +1100 (EST)
    To: Brian Hatch <bri@ifokr.org>
    
    

    On Thu, 4 Dec 2003, Brian Hatch wrote:

    > NIS, previously YP, is a bad idea because it's cleartext on the network
    > and the crypted passwords are visible to all local users. If you can't

            ..or you could do what I did. I was running RADIUS on the auth
    machine for other reasons, and so I shared our passwd, group, etc, but NOT
    shadow via NIS. Then I set up NIS, but set PAM to use RADIUS for auth.
    That way (since I needed RADIUS anyway), I was only sharing the passwords
    out with one mechanism.

    > get LDAP working, then I'd suggest for security reasons you scp the
    > /etc/shadow /etc/passwd and /etc/group files around instead. Just make

            Or, you could use cfengine :). But cfengine should only be used
    if you expect to add more machines in the future -- otherwise it's
    overkill.

            :)

    -- 
    Tim Nelson
    Systems Administrator
    Sunet Internet
    Tel: +61 3 5241 1155
    Fax: +61 3 5241 6187
    Web: http://www.sunet.com.au/
    Email: sysadmin@sunet.com.au
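
A check for the setup described in the message above (passwd and group shared over NIS, shadow kept out of it), added here as an example and not part of the original post: it scans `ypcat passwd` output for password fields that still carry a hash or are empty. The sample map, the placeholder list and the function names are constructed for illustration.

```python
import re
import sys

# Field values that mean "the real hash lives elsewhere" or "account locked".
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "NP"}
# Traditional DES crypt(3): exactly 13 characters from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$salt$hash (for example $1$ for MD5-crypt).
MCF_RE = re.compile(r"^\$[0-9a-z]+\$.+")

# Constructed sample of `ypcat passwd` output; none of these are real accounts.
SAMPLE = """\
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:abJnggxhB/yWI:1002:100:Bob:/home/bob:/bin/bash
carol:$1$saltsalt$0123456789abcdefghijk.:1003:100:Carol:/home/carol:/bin/bash
dave::1004:100:Dave:/home/dave:/bin/bash
eve:*:1005:100:Eve:/home/eve:/bin/false
"""

def classify(field):
    """Classify the second (password) field of a passwd entry."""
    if field == "":
        return "empty"
    if field in PLACEHOLDERS or field.startswith("##"):
        return "placeholder"
    if DES_RE.match(field) or MCF_RE.match(field):
        return "hash"
    return "unknown"

def audit_passwd_map(text):
    """Return (line number, user, kind) for every entry that is not a placeholder."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:
            findings.append((lineno, None, "malformed"))
            continue
        kind = classify(parts[1])
        if kind != "placeholder":
            findings.append((lineno, parts[0], kind))
    return findings

if __name__ == "__main__":
    # Pipe `ypcat passwd` in, or run with no input to audit the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for lineno, user, kind in audit_passwd_map(data):
        print(f"line {lineno}: {user}: password field is {kind}")
```

Any "hash" finding means the crypted password is readable by every NIS client user; "empty" means the map advertises an account with no password at all.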
    
