Greetings all, I've been looking into running KRB5 and NIS. Alas, portmapped services are somewhat firewall-unfriendly, a la FTP. True, deny-by-default "keeps the bad guys out", but I can think of instances where one might want to allow selected access from specific IP addresses...
It also seems logical to combine user/group info with KRB authentication. What about: * Portmapped services can be assigned to static UDP/TCP ports * KRB5 gets to play ypserv. Note that a beneficial side effect would be that we needn't worry about returning the shadow password map... KRB handles auth. It seems to me that a small amount of hacking might yield a single, centralized user management system that is friendly to firewalls. Anything like this exist? Any interest? Eddy P.S. -- I'm an NIS newbie. I'll take no offense if someone says that I need to be larted with a clue-by-four, as long as there's a bit of constructive criticism. :-) --------------------------------------------------------------------------- Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
