Dear Andreas, thanks for addressing this elderly topic. Indeed NFS4 has some security issues - and it has been discussed if NFS5 can solve them. Anyway...:
Am Donnerstag 17 Mai 2007 20:46 schrieb Andreas Schockenhoff: > The other problem is that I must include all the automatic assigned > IPs in the DHCP range because I can not guarantee the old IP. There is some scripts that extract your MAC addresses from dhcp-leases or daemon logs - if you sort them (-u "unique") you will easily find your labs by brands. In case you fail to spot them with google, we can try together ;) > > Use of static IPs in DHCP only can be a solution, make the security > problem smaller but do not solve it. If I assign an existing hostname (like dhcp001) to my personal laptop, I can easily play tricks to netgroup's security approach. If you think that there is hardly any risk with switching netgroups off, you can easily change the access rules. > > But a mass import of workstations with ldap should also be nice. It was suggested years ago to have a similar protocoll as samba clients use: Accordingly, you could make any client join the netgroup by simply entering some authentification code (password). This client-server connection would add the clients MAC address to the dhcpd-conf and add the corresponding hostname to the netgroup. Regards Ralf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
