On Thu, Jan 30, 2003 at 04:09:21PM -0800, chip wiegand wrote:
I am going to set up a new machine with fbsd4.7R for web use - apache,
mysql, php, phpmyadmin. I will be co-locating this box at my isp's
office. I would like to make sure this is as secure as possible and
still be able to have direct access to upload files and maintain, pull
off log files, etc. I was reading the handbook chapter on security and
am not sure if I should use kerberos, which I know nothing about, or
ssh. I was a little confused about the setup of kerberos in the kerberos
chapter.
My feeling is that ssh(1) would probably serve you better in your
situation, and that Kerberos is probably overkill.
ssh(1) is a standard part of a FreeBSD system and needs no extra
make.conf options to enable. You can use it as a drop in replacement
for rsh(1) and rcp(1) without any pre-amble, although setting up
identity keys (ssh-keygen(1)) and the use of ssh-agent(1) will improve
the whole experience. You'll find rsync(1) (ports net/rsync) to be a
very handy tool for uploading and managing web site content, and rsync
runs by default over ssh(1) on FreeBSD nowadays.
Kerberos, on the other hand, seems to be designed to secure large,
multi-computer sites like Universities. If you want an introduction
to Kerberizing a site, take a look at:
http://www.ornl.gov/~jar/HowToKerb.html
although you can pretty much ignore the instructions on compiling
Kerberos, as it's bundled with FreeBSD already (needs a buildworld to
enable though). Kerberos and ssh aren't mutually exclusive either ---
ssh can use kerberos tickets to authenticate logins, and ssh provides
the ability to tunnel X sessions securely, which Kerberos lacks.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
