Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
We do something very similar ... though if your Windows domain is
provided by Active Directory, then you might consider pam_krb5 (Kerberos
pam module).
Then you don't have to worry about an extra setup that pam_smb might
need.
Cheers,
Ryan
-----Original Message-----
From: Rick Buford [mailto:EMAIL:PROTECTED]
Sent: Friday, February 01, 2002 4:26 PM
To: Members (E-mail)
Subject: [MLUG] pam_smb
I am wondering if anyone has run into any glaring or subtle security
problems with pam_smb. I'm in the process of upgrading my edge linux
servers
that are responsible for dns, mail, and incoming ssh tunnels for remote
desktop adminstration. Administering the the incoming ssh sessions
becomes a
lot easier if I can pawn off password adminsitration to the Windows
domain
since all I have to do then is create an account and disable it in
/etc/shadow. I have also modified a custom shell so that the user has no
actual access to the gateway itself. Are there any glaring holes in this
I
should be watching out for, or has anyone run into any problems with
pam_smb?
We've carved out a pretty respectable niche for linux in an all NT shop,
and
I wanna make sure I'm not opening up any new holes that I don't have to.
Rick
"I'm not sure which upsets me more: that people are so unwilling
to accept responsibility for their own actions, or that they are
so eager to regulate everyone else's." -- Kee Hinckley
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact