[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] using the same passwords for everything
- Subject: Re: [cobalt-users] using the same passwords for everything
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Wed Jan 15 20:54:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
SW> Date: Wed, 15 Jan 2003 21:37:36 -0500
SW> From: Steve Werby
SW> Eddy, thanks for the extensive list. Frankly, I only have
SW> experience with LDAP, PAM and Kerberos, but Eddy's right on
Someone also should point out that some of these have different
niches:
Kerberos (KerberosIV and KRB5) is intended to provide secure auth
in an untrusted network. LDAP is more of a network information
database, like NIS/YP. libnss[*], PAM, and SASL are plugin-based
layers to help alleviate the N^2 problem.
Sometimes one uses a combination of the above. Other times not.
This area gets very muddy very quickly; I strongly advise people
to review the different options.
[*] This is one are where my beloved FreeBSD lags behind Linux.
nsswitch can be very helpful in larger/centralized security
systems. Bear in mind, however, the increased risk -- and
corresponding need for security -- when using such a setup.
SW> the money and I hope it didn't appear I was suggesting LDAP
SW> was the only mechanism available.
I took your post as a suggestion highlighting that with which
you've had good luck, for those who want to "get right down to
business". :-)
IMHO, this is something of an underdeveloped area... many of the
options "come close", but they all could improve. Configuring
LDAPv3 is an interesting experience, especially the first time.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.