From owner-freebsd-net  Sat Dec  8 17:52:50 2001
Delivered-To: freebsd-net@freebsd.org
Received: from a.mx.everquick.net (a.mx.everquick.net [216.89.137.3])
	by hub.freebsd.org (Postfix) with ESMTP id 8078537B417
	for <net@freebsd.org>; Sat,  8 Dec 2001 17:52:46 -0800 (PST)
Received: from localhost (eddy@localhost)
	by a.mx.everquick.net (8.11.6/8.10.2) with ESMTP id fB91qff07911
	for <net@freebsd.org>; Sun, 9 Dec 2001 01:52:41 GMT
X-EverQuick-No-Abuse: Report any e-mail abuse to <abuse@noc.everquick.net>
Date: Sun, 9 Dec 2001 01:52:40 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: net@freebsd.org
Subject: KRB5 + hacked portmap + ypserv
Message-ID: <Pine.LNX.4.20.0112090135280.7839-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Greetings all,

I've been looking into running KRB5 and NIS.  Alas, portmapped
services are somewhat firewall-unfriendly, a la FTP.  True,
deny-by-default "keeps the bad guys out", but I can think of
instances where one might want to allow selected access from
specific IP addresses...

It also seems logical to combine user/group info with KRB
authentication.

What about:

* Portmapped services can be assigned to static UDP/TCP ports
* KRB5 gets to play ypserv.

Note that a beneficial side effect would be that we needn't worry
about returning the shadow password map... KRB handles auth.

It seems to me that a small amount of hacking might yield a
single, centralized user management system that is friendly to
firewalls.

Anything like this exist?  Any interest?


Eddy

P.S. -- I'm an NIS newbie.  I'll take no offense if someone says
that I need to be larted with a clue-by-four, as long as there's
a bit of constructive criticism. :-)

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message