Ok, then I'll just stay with what I want until I put up a mirror server later this year. Sounds like ldap would help in managing that.
Thanks a lot for all the input. Rod > That's true, I hadn't thought of that. Actually it's the disabling of > user shell access that brings that security. But has nothing to do with > using db, nsswitch. So the real advantage is distribution (as Fraser > wrote) and not security. Sorry Rod, I must have been a bit confused > yesterday.. > > Michael > > Michael Loftis wrote: > >> local means 'can get shell and/or otherwise get machine to execute >> stuff we want to execute' >> >> has nothing to do with /etc/passwd, ldap, nis, mysql, or anything. >> all they need is a hole that allows them to execute something. >> >> --On Wednesday, March 24, 2004 17:48 +0000 mimo <[EMAIL PROTECTED]> wrote: >> >>> Maybe I'm off topic. WHere do you keep your user accounts at the moment? >>> are they all local users? >>> Most exploits and vulnerabilities are local -- they only apply to your >>> machine if you have (other) local users. So it's more secure to have >>> "virtual" users via nsswitch / pam /etc and some db (ldap, mysql >>> preferably). >>> There are more reasons - but this is the most compelling one I think. >>> >>> Michael Moritz >>> >>> Rod Rodolico wrote: >>> >>>> ok, this is a basic question. I am a small IPP (60 domains, 200 users) >>>> and I see a lot of stuff about ldap. I searched the web and got some >>>> basic info on what it does, but the big question is, how would it be >>>> helpful to me? I also run MySQL services, but mainly the server does >>>> smtp, imap, pop, http and dns (exim, courier, apache and bind). One >>>> box, >>>> 200 users, is there any reason I should consider dns? >>>> >>>> BTW, I also maintain three other web servers for people and use them >>>> all >>>> as backup servers (using rsync) for each other, but I guess that is not >>>> part of the issue here. >>>> >>>> Thanks, >>>> >>>> Rod >>>> >>>> >>>> >>> >>> >>> -- >>> Please note that this account is being filtered using anti UCE systems. >>> If you send email to this account make sure that it could not be >>> mistaken >>> as UCE. >>> >>> >>> -- >>> To UNSUBSCRIBE, email to [EMAIL PROTECTED] >>> with a subject of "unsubscribe". Trouble? Contact >>> [EMAIL PROTECTED] >>> >>> >>> >> >> >> >> -- >> Michael Loftis >> Modwest Sr. Systems Administrator >> Powerful, Affordable Web Hosting >> GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E >> > > > -- > Please note that this account is being filtered using anti UCE systems. If > you send email to > this account make sure that it could not be mistaken as UCE. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Latest survey shows that 3 out of 4 people make up 75% of the world's population.
