OS X and FreeBSD: What could be a good setup
Bart Silverstrim
bsilver at chrononomicon.com
Mon Apr 12 13:48:21 PDT 2004

On Apr 12, 2004, at 3:14 PM, Chuck Swiger wrote:
> Bart Silverstrim wrote:
> [ ... ]
>> I'm looking at using FreeBSD on a server (web, mail, file server) 
>> with OS X, Windows, and probably Linux clients.  I'd like the FreeBSD 
>> server to handle authentication, but that may be a pipe dream to 
>> accomplish across platforms easily :-/
>
> LDAP would be the way to go given the platforms you mention, although 
> NIS would work for everything but Windows and would be much easier to 
> set up.
>
I suppose this would leave Windows 9x out of the loop :-)  I did see 
where pGINA was making strides for XP/NT2K, though, to make LDAP 
authentication simpler...

> [ ... ]
>> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone 
>> able to tell me if CIFS is secure "over the wire".  I seem to recall 
>> a utility that would sniff network packets and if NFS is used, it can 
>> capture the files as they're travelling over the network; can this 
>> happen with CIFS?
>
> Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or 
> an SSH tunnel, pretty much all filesharing protocols are vulnerable to 
> subnet-local sniffing.  Using strong encryption when using wireless is 
> a fine idea.  :-)
>
VPN would be a little strong to use for client->wap, though, wouldn't
it?  I have used VPNs for WAP<->WAP bridges, but not for a notebook
computer to a WAP.

What I HAVE used is SSH, to create a redirected series of ports.
That's reasonably simple to open on a notebook.  BUT I don't know how
(or even *if*) it could be used to redirect CIFS connections.

How come NFS got such heavy flak for insecurity when CIFS also
transfers in clear text over the wire?  Just curious...perhaps it's
easier to misconfigure to allow mounts that people didn't mean to mount
(although the same could be said of being able to mount C$ without the
user on the machine knowing it...)

-Bart
    
    
More information about the freebsd-questions
mailing list