On Tue, Dec 25, 2007 at 04:43:40PM +0200, Ariel Biener wrote: > Well, I wouldn't chose any of the above in the way it is described. I believe > that MS AD is the best tool to use for Windows environment, LDAP is the > best tool for a Linux environment, and NIS is the best tool in that it is alot > simpler for automounting and mount permissions for file servers (no > password data here).
However be aware that except for Windows, NFS uses *NIX user numbers for access control. If your user name to user number mapping is not consistent across all your systems you can have security problems. The Windows NFS client from Microsoft gives you the choice of several Windows user name to user number mappings which depending upon how they are used can increase or decrease security. SAMBA can use its own Windows user name to *NIX user number mapping and since it is under exclusive control of the server administrators (I hope), can be much more secure. One of the biggest problems with NFS is that if someone knows a user number (or you allow root access over NFS), is that they can boot a *NIX "Live CD" and create an account with the correct user number and access any files on an NFS share they want. Geoff. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM IL Voice: (07)-7424-1667 U.S. Voice: 1-215-821-1838 Visit my 'blog at http://geoffstechno.livejournal.com/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
