If you had put even 1/100 of the thought into your first statement as you
exhibited in your response below, there would have been little reason for me
to respond in the first place.
I will say that your argument of "[anyone using this software should know
what they are doing and not take my advice if it is not appropriate]" while
quite convenient, isn't really valid. This is the openfiler-users list,
not openfiler-devel and I can assure you that the majority of these people
believe you are much greater an authority on the subject than they are, and
I would say with good reason... you are.
Cheers, and thanks for the hard work on the project.
btw1: LAM - once it works, I'm sure it will work well.
btw2: Repos - yeah, that's what i figured. it's just that trying to get
cpan to compile the perl module dependencies for the LAM rpm's has been
interesting at best and grabbing these ancillary parts from a centos repo
seemed less masochistic. I mean, i'm sure just getting a functioning gcc by
hand isn't anyone's favorite pastime :) I will persevere... thanks.
as an aside, I will say that the OF2.0b1 installed fine on a 3Ware 7506-12
2TB RAID5 array used as sole storage. i will update if i find any gotchas
but this is leaps and bounds more polished than the 1.x. I suspect once
block-level replication is hotted up, i will have many of my media creation
clients here in the SF area wanting upgrades to their 1.x implementations :)
-=dave
----- Original Message -----
From: "Mukund" <[EMAIL PROTECTED]>
To: "dave johnson" <[EMAIL PROTECTED]>
Cc: "Mukund" <[EMAIL PROTECTED]>; "Chris Bussey"
<[EMAIL PROTECTED]>; <[email protected]>
Sent: Sunday, April 16, 2006 11:33 AM
Subject: Re: [OF-users] Re: Openfiler Local Authentication Server
Hello Dave
On Sun, 2006-04-16 at 09:25 -0700, dave johnson wrote:
> I cannot see how anyone can recommend not using authentication on any
> network at any location. If you have a wireless access point on your "home"
> network, or have vpn access or port-forwarded access to any number of
> access mechanisms such as ssh, vnc, rdp, etc, or have children or other
> ignorant users, or quite simply "any users who are not unix admins", then
> running open authentication is certainly not "overkill" and suggesting
> doing so is foolish at best, and outright negligent at worst.
Sure having an authentication server always helps. It also helps to use
IPsec for network layer security or SSL for transport layer security
(which Openfiler supports for WebDAV and HTTPS). But there is a line
between security and convenience. There's a reason why public shares
exist, other than just for anonymous sharing for all. They provide
convenience without having to login and logout into shares. Nowadays,
filesystem client drivers have taken over this job caching credentials.
For a person who controls all access to their network, i.e., -the only
user-, public shares make perfect sense. That's why I said "personal
use". Even if a share is run in public mode, it can still be configured
to be accessible only from certain machines---Openfiler allows that.
A lot of things affect security on a public network. Even properly
configured file access protocols used in the majority of installations today
suffer from lack of network layer security, which pretty much leaves the
rest of the security infrastructure insufficient and ineffective in many
network topologies. A person who runs a network with multiple clients
will have to make himself/herself aware of how to administer a network
correctly. A person who runs an open system wireless access point has far
more to worry about than just running a public share. It is also not the
job of the Openfiler project to tutor "any users who are not unix
admins" or any other users about network security. If they do not know
what a public/guest share implies for their network, they have bigger
problems. In fact, Chris Bussey did realise that public/guest shares
would be insufficient for his implementation in our phone conversation.
When it comes to using Openfiler for personal use with or without a
currently non-existing network directory service (which "any users who
are not unix admins" will find difficult to install and configure), I am
*not* going to suggest giving security a higher place over convenience
and freedom. People have different priorities and personal choices of
implementations and this is mine. It can certainly be upgraded to use
authentication once they have it functioning on their network.
I do not see why you have to write such a critical email over a simple
instruction which was clearly meant to be used for personal use with his
stated network configuration.
You can reply to this email to voice your concerns with my mail, but as
a discussion of a complex area such as network security is not really an
Openfiler subject, and as our personal opinions about security already
mis-match, I have said enough.
> struggling with getting LAM installed for 2 days now... but it is
> opensource, i really can't complain.
We named it as we used it to configure a few test boxes and it works
fine for us. Once you get used to it, you'll find managing users with it
easy.
> btw2, i assume that if i installed yum centos repos, none of my openfiler
> updates will work? (new to yum). for now, i'm sticking with up2date for
> centos install mgmt, and yum to get the of patches.
You are required to use the Openfiler supplied repositories. Openfiler
is based on CentOS. It is not CentOS.
Mukund