"Joe Sheble (Wizaerd)" wrote:
> At 09:36 AM 3/14/01 -0500, Michael Kimsal wrote:
> >What they've got now is completely fine - why necessarily change it?
>
> As you've stated, there are many reasons why changing would be a good
> thing, but mostly it's a manager (a higher up executive level mucky-muck)
> throwing out 'Hey what about this linux thingie..." and our IT Director
> (whom I often refer to as FDH for f*ckin d*ck head) saying we'll get right
> on it...
>
You might want be careful about posting some of that stuff on a public board,
unless
you're using an alias.
>
> >are. You could go CGI PHP on NT, which might be a compromise,
> >but you lose the raw speed advantage PHP as an Apache module has.
>
> Yes, the company has deemed this to be too difficult for our employees to
> remember.
>
> >What about security on a machine? Last intranet I was at in a large company,
> >just because we were logged into the network on a machine didn't give us
> >automatic access to the intranet - people moved around too much. You still
> >needed to present your name and password for the intranet - and everything
> >there
> >was NT/IIS/ASP and ColdFusion.
>
> Nope, there is no other security other than the Advanced
> Authentication. The security is not tied to any specific machine but a
> network login. So as soon as they login to any machine, their username and
> password is automatically passed to the browser and the advanced
> authentication takes place. Now this if they access the intranet
> internally through our network. There is also a basic authentication piece
> to access the intranet externally through the internet but requires a
> domain name, username and password. The management feels this is
> acceptable because there are very few (VERY few) people accessing the
> intranet this way.
I'd be one of those very few if I had to remember by domain as well to log in -
I'd think this is more of a security risk from prying eyes. Not only might someone
get my name/password by watching me, but they have a chance at learning just a bit
more about the internal organization of our network (a domain name). Sheesh!
"You are too stupid to be expected to remember a name and password in the building,
but you need that PLUS the domain to connect from outside". That seems
a DISCOURAGEMENT from using the bloody tool, rather than an encouragement!
I'd still point out that the advanced authentication thing is a security risk if
people
walk away from their machines, unless everyone ALWAYS logs off, even just to
pop to the kitchen for 5 minutes. If they can't expect people to remember a
separate
name/password (or to type it twice) they surely can't expect people to log off
everytime
they're not physically at a machine.
Anyway, that's a bit off topic.
You're asking if this can be done with Linux? Probably not, unless you got into
some
strange Samba stuff, which I don't think is capable of doing all that stuff
(someone
more familiar with samba please jump in at this point and correct me!)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
