Re: eDirectory Trustee and User Space IOCTL() in NWFS

From: Jeff V. Merkey (jmerkey@timpanogas.org)
Date: Fri Sep 29 2000 - 20:25:56 EDT


    Alan Cox wrote:
    >
    > > What you are about to ship is like swiss cheese, and could render any
    > > Linux server a point of attack that will allow a hacker to get into a
    > > single server with a replica, then gain access to the entire Network.
    >
    > If it works as described then it's already a swiss cheese. You just need to put
    > up a fake or compromised box and collect the data. Breaking into Novell boxes
    > and doing bios level I/O isn't hard.

    On NetWare, there's stuff built into the OS to prevent this from
    happening. But you are correct, all someone has to do is impersonate a
    NetWare server and host a replica, then you could steal the box or
    something, hack it and you've got everything for the entire NetWork.

    Our NDS is implemented as an envelope of the 88 verbs around OpenLDAP
    with standard Linux security -- Novell's is an NDS core with an LDAP
    mapping layer on top ported straight out of NetWare -- exactly the
    reverse of what Novell is giving you. Unlike them, the issues on Linux
    security are something I've thought about for a long time, and MANOS NDS
    on Linux was not a "knee-jerk" afterthought.

    >
    > Mind you, until it's open source I'll stick with LDAP and kerberos. For one I
    > trust folks like Ted more to get it right.

    Who is Ted, BTW? Good, it will be out on MANOS and Ute. You will be
    able to get the RPM at that time.

    Jeff