What we have to work with:
Users have full control over their workstations
Users should be able to use any workstation
Users should be able to get all their files from any workstation
What this means is we cannot trust the authentication of the clients;
the servers must perform some level of auth
On Fri, 2003-01-31 at 14:24, Kevin Jackson wrote:
> NFS/NIS _or_ Security. AFAIK, its always been the two options.
>
> So the problem really resolves around a way of protecting root on the
> local system AND still provide NFS-like mounting of remote directories.
> These aren't answered by usin
If you mean from "if they have physical access to the box and are
determined, they'll get root anyway" you mean exploit some unpatched
service on the system -- then you may aswell forget about and type of NFS
"squash" option altogether! ...as we are in a different territory now.
See other security
Not sure why this message didn't get posted after I sent it the first time...
On Sun, 2003-01-26 at 07:28, Nicolas Justin wrote:
> There is a way that prevent the local root to su to a NIS user, and so modify
> anyone personnal data ?
There is a way to accomplish this if the workstations with ro
Hi,
NJ> We have a server sharing home directory trough NFS and NIS to user's PCs.
NJ> On each client there is a local root for the user (these stations are used
NJ> for system administration courses).
NJ> There is a way that prevent the local root to su to a NIS user, and so modify
NJ> anyone pe
