Chad Perrin <[EMAIL PROTECTED]> writes:

> On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote:
>> RA Cohen <[EMAIL PROTECTED]> writes:
>> > I am sorry, here is an addendum to my previous post:
>> >
>> >>>Somehow Ubuntu was given root user
>> >  permissions<<
>> >
>> > Actually, upon rereading my notes, Ubuntu was only given permissions of 
>> > the user doing the login - not root - but we could login with any valid 
>> > user apparently FreeBSD thought it was presented with a wildcard password.
>> >
>> > And I can also verify that FreeBSD clients are able to use the password 
>> > map when x is used instead of * in the map to represent the password. So I 
>> > can secure the system using the x but still cannot get Ubuntu clients to 
>> > authenticate.
>> Sounds like Ubuntu is using the wrong map, probably one where it's
>> getting a different and empty field where it expects to find a password.
> The behavior with an asterisk instead of an X is pretty worrisome,
> however, and is not strictly Ubuntu's fault.  Security of a server should
> not rely on the good will and competence of the client developers.

I agree with the latter sentence, but not the former.  
When using NFS (without Kerberos), it is built into the protocol that
the server trusts the client on the UID/GID.  
That is a good reason not to use NFS in an untrusted environment, but
there really isn't anything FreeBSD can do about it.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to