On Sun, 7 Apr 2002, Luca Filipozzi wrote: > I suspect that if all your boxes are running Debian that your life will > be made easier by all the Debian kerberos packages.
This is an interesting thread, and this comment just gave me an idea. What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set up in a mode that's called "opportunistic encryption" that will use IPsec for communication when it's available and allow other traffic to proceed as normal. In this way, you won't care if things like LDAP (or even NIS) pass passwords around in cleartext, just as long as the workstation <-> file-server or authentication server connections are encrypted. Although I haven't done it, you should be able to run the server services bound to a specific IP that is only accessible via clients that have successfully IPsec-attached. 0.02, tony [EMAIL PROTECTED] | An ounce of perception, http://www.debian.org | a pound of obscure... | (Peart) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
