I prefer to put everything behind the firewall, then port forward what I need to
the appropriate server. Though there is nothing wrong with buying a dedicated
server and hosting web and mail on it (this is what I do). I also have smtp
auth with TLS securing the link, IMAPS (SSL) secures inbound email.
I will need to look into this some more, particularly the authentication part.
Ftp usernames and passwords are sent in the clear, and as such is a bad idea.
You could use sftp which is based on SSH, so remote users will need accounts on
the box, which they would likely have with SAMBA access anyway. You could
backend user accounts into LDAP removing the need to have local accounts for
all services (samba, web, mail, sftp etc). This is a lot more work, but
depending on the number of people you will be providing access to, it may be
worthwhile in the end. As an aside, I have all mail users authenticating
against LDAP, with sftp/ftp users to follow in the coming months.
There are SSL enabled ftp servers but I have had compatability issues with many
client software packages.
BTW, unfortunately on the client side, we still need to be on Windows if that makes a difference.
Mozilla/thunderbird support the TLS/SSL stuff on our mail server. Winscp and
filezilla are windows based sftp clients. There is a package called pgina
which you can use to provide alternative authentication methods to your windows
boxes.
Thanks Gustin, we probably won't be using LDAP, there are not that many users -- maybe in the future. With regards to sftp, RH comes with vsftp -- just having a look around to see how they are related -- I don't believe they are the same thing. I will have a closer look at your recommendations to see what fits our needs.
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
