On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote: > What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set > up in a mode that's called "opportunistic encryption" that will use IPsec > for communication when it's available and allow other traffic to proceed > as normal. In this way, you won't care if things like LDAP (or even NIS) > pass passwords around in cleartext, just as long as the workstation <-> > file-server or authentication server connections are encrypted. Although > I haven't done it, you should be able to run the server services bound to > a specific IP that is only accessible via clients that have successfully > IPsec-attached.
For the NFS traffic, opportunistic encryption seems like a very intersting idea. There's no way I would use libpam-ldap without knowing *for certain* that it was going over a TLS/SSL connection, however. Luca -- Luca Filipozzi, Debian Developer [dpkg] We are the apt. You will be packaged. Comply. gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]