Michael
Michael Loftis wrote:
local means 'can get shell and/or otherwise get machine to execute stuff we want to execute'
has nothing to do with /etc/passwd, ldap, nis, mysql, or anything. all they need is a hole that allows them to execute something.
--On Wednesday, March 24, 2004 17:48 +0000 mimo <[EMAIL PROTECTED]> wrote:
Maybe I'm off topic. WHere do you keep your user accounts at the moment? are they all local users? Most exploits and vulnerabilities are local -- they only apply to your machine if you have (other) local users. So it's more secure to have "virtual" users via nsswitch / pam /etc and some db (ldap, mysql preferably). There are more reasons - but this is the most compelling one I think.
Michael Moritz
Rod Rodolico wrote:
ok, this is a basic question. I am a small IPP (60 domains, 200 users)
and I see a lot of stuff about ldap. I searched the web and got some
basic info on what it does, but the big question is, how would it be
helpful to me? I also run MySQL services, but mainly the server does
smtp, imap, pop, http and dns (exim, courier, apache and bind). One box,
200 users, is there any reason I should consider dns?
BTW, I also maintain three other web servers for people and use them all
as backup servers (using rsync) for each other, but I guess that is not
part of the issue here.
Thanks,
Rod
--
Please note that this account is being filtered using anti UCE systems.
If you send email to this account make sure that it could not be mistaken
as UCE.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
-- Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
