managing user accounts without NIS
Robert G. Brown
rgb at phy.duke.edu
Tue May 23 11:26:21 PDT 2000
On Sun, 21 May 2000, dwight wrote:
> Victor Ortega wrote:
> > NIS and NFS are insecure and incur performance penalties. I'm looking
> > for better alternatives. My idea of setuid-root wrappers (using rsync
> > for distribution of relevant files) already provides a more secure,
> > high-performance, high-availability alternative; I just want to make
> > sure that there isn't something better out there already, and that I'm
> > not overlooking some potential security hole.
> Just using rsync per se might well subject you to a man-in-the-middle
> attack, or a spoofing attack. ssh/scp would be a better tool.
Right, if possible, always use rsync with ssh -- "rsync -e /usr/bin/ssh"
or set RSYNC_RSH to /usr/bin/ssh (or whatever it's path is) and then use
rsync normally. There are also a few (mostly "bad") ways to give it a
passwd to use with the hosts. One could so this better inside a /bin/sh
or perl script.
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
More information about the Beowulf