Date: Wed, 26 Dec 2007 21:10:00 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: freebsd-questions@freebsd.org Subject: Re: NIS Linux - Ubuntu Message-ID: <4463yksxaf.fsf@Lowell-Desk.lan> In-Reply-To: <20071220195027.GB54762@demeter.hydra> (Chad Perrin's message of "Thu\, 20 Dec 2007 12\:50\:27 -0700") References: <54129.66383.qm@web54201.mail.re2.yahoo.com> <44fxxxphbh.fsf@be-well.ilk.org> <20071220195027.GB54762@demeter.hydra>
next in thread | previous in thread | raw e-mail | index | archive | help
Chad Perrin <perrin@apotheon.com> writes: > On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote: >> RA Cohen <roy2098@yahoo.com> writes: >> >> > I am sorry, here is an addendum to my previous post: >> > >> >>>Somehow Ubuntu was given root user >> > permissions<< >> > >> > Actually, upon rereading my notes, Ubuntu was only given permissions of the user doing the login - not root - but we could login with any valid user apparently FreeBSD thought it was presented with a wildcard password. >> > >> > And I can also verify that FreeBSD clients are able to use the password map when x is used instead of * in the map to represent the password. So I can secure the system using the x but still cannot get Ubuntu clients to authenticate. >> >> Sounds like Ubuntu is using the wrong map, probably one where it's >> getting a different and empty field where it expects to find a password. > > The behavior with an asterisk instead of an X is pretty worrisome, > however, and is not strictly Ubuntu's fault. Security of a server should > not rely on the good will and competence of the client developers. I agree with the latter sentence, but not the former. When using NFS (without Kerberos), it is built into the protocol that the server trusts the client on the UID/GID. That is a good reason not to use NFS in an untrusted environment, but there really isn't anything FreeBSD can do about it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4463yksxaf.fsf>