[ On Thursday, May 18, 2000 at 10:50:48 (-0500), Cameron, Steve wrote: ]
> Subject: RE: CVS security: networked filesystems like AFS, client server , ssh
>
> However, at a site like mine, where we have very
> transient and varied client machines. (e..g. prototype
> hardware comes in every couple of weeks, gets
> several OSes installed on in in the course of it's 2 week
> lifespan, etc.) even a mildly complicated setup is not
> practical.. (even a distributed passwd file is too much to
> ask for.)
and so you trust that temporary experimental machine at the same level
as you trust your own permanent servers!?!?!?!
I know I've been known to put customer and prototype machines on my
production network at home, but I have what I hope to be rather strong
host security and I don't even trust everything on the wire with the
same subnet address or domain suffix. However most folks I know in
professional labs would not only put such prototype machines on a
separate subnet, but they'd firewall the heck out of it internally too!
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>