akonstam@xxxxxxxxxxx wrote:
| I have a security question for the group. We have ~50 Linux
| machines that are NIS clients of our server. The idea, as you know,
| is that any of our students can log in to any of the machines and
| have the same home directory and the same passwd.
|
| OK, now the question. I have been hearing from people about
| security flaws. Well, what about this. A number of our faculty
| have set up their personal machines as NIS clients. It makes it
| easier to get to their class-related files. My feeling is that this is a
| tremendous security hole, since a first important step in hacking a
| machine might be logging in to the machine. Making faculty personal
| machines NIS clients means that any of the 1000 or so students can
| log in to the faculty machine. Does anyone else think that this is
| a bad idea, or am I confused?
Dear akonstam,

I worked for a company once (also in the .edu), who used an LDAP-based network management to steer their users' access over network resources.

I'd rather give LDAP a try than NIS. NIS is outdated, and there are at least some existing flaws in it that make it possible for a single client machine to gain other users' permissions (dot file bug, e.g.).

I'm not sure if these flaws still work, but LDAP is the modern way of handling such tasks.
Greetings
Oliver Leitner
Technical Staff
http://www.shells.at