NIS Linux - Ubuntu
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Wed Dec 26 18:10:08 PST 2007
Chad Perrin <perrin at apotheon.com> writes:
> On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote:
>> RA Cohen <roy2098 at yahoo.com> writes:
>>
>> > I am sorry, here is an addendum to my previous post:
>> >
>> >>>Somehow Ubuntu was given root user
>> > permissions<<
>> >
>> > Actually, upon rereading my notes, Ubuntu was only given permissions of the user doing the login - not root - but we could login with any valid user apparently FreeBSD thought it was presented with a wildcard password.
>> >
>> > And I can also verify that FreeBSD clients are able to use the password map when x is used instead of * in the map to represent the password. So I can secure the system using the x but still cannot get Ubuntu clients to authenticate.
>>
>> Sounds like Ubuntu is using the wrong map, probably one where it's
>> getting a different and empty field where it expects to find a password.
>
> The behavior with an asterisk instead of an X is pretty worrisome,
> however, and is not strictly Ubuntu's fault. Security of a server should
> not rely on the good will and competence of the client developers.
I agree with the latter sentence, but not the former.
When using NFS (without Kerberos), it is built into the protocol that
the server trusts the client on the UID/GID.
That is a good reason not to use NFS in an untrusted environment, but
there really isn't anything FreeBSD can do about it.
More information about the freebsd-questions
mailing list