NIS/NFS question

From: Wayne Pinette (Wpinette_at_tru.ca)
Date: 06/29/05

  • Next message: Will McDonald: "Re: NIS/NFS question" 
    Date: Wed, 29 Jun 2005 14:36:40 -0700
To: <redhat-list@redhat.com>

    I have a question regarding NIS and was wondering if anyone had any
    ideas.

    We are creating a Linux workstation lab for students. We have a
    central linux box which teh students can ssh into from home.
    The lab is a place where they can log in and work on their work. We
    are using NIS to authenticate the workstations and we are nfs mounting
    the /home directory. This is all pretty standard and make sense. Here
    is the problem :

    If a student walks into the lab with their laptop running their
    favourite linux to which they have root access, unplugs a workstation,
    plugs in their laptop, hardcodes the worksation's ip, sets ups his
    laptop to nis authenticate and nfs share just like the workstation,
    logs in as root, he can now su to any student id on the system.
    Although I quash root on the nfs share, it does not stop this student
    from getting access to any other students (or instructors) material on
    the server. Although my nis server only trusts a small list of
    ip addresses, it's trust is still only based on ip. Is there a way to
    add some sort of certificate trust to nis or some other mechanism to
    check against
    before nis will trust a machine on it network other than just ip?

    Wayner 

    -- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Will McDonald: "Re: NIS/NFS question"

    Relevant Pages

    • Re: NIS/NFS question
      ... unauthorized hosts to your network. ... > We are creating a Linux workstation lab for students. ... > central linux box which teh students can ssh into from home. ... > are using NIS to authenticate the workstations and we are nfs mounting ...
      (RedHat)
    • Re: NIS/NFS question
      ... > I have a question regarding NIS and was wondering if anyone had any ... > We are creating a Linux workstation lab for students. ... > central linux box which teh students can ssh into from home. ... it's trust is still only based on ip. ...
      (RedHat)
    • RE: NIS/NFS question
      ... I have a question regarding NIS and was wondering if anyone had any ... We are creating a Linux workstation lab for students. ... it's trust is still only based on ip. ...
      (RedHat)
    • RE: NIS/NFS question
      ... I have a question regarding NIS and was wondering if anyone had any ... We are creating a Linux workstation lab for students. ... it's trust is still only based on ip. ...
      (RedHat)
    • Re: NIS/NFS question
      ... they are a lab. ... does not consider root all powerful like nis does. ... Then you could run arpwatch on the NFS server - if a student tries ... > We are creating a Linux workstation lab for students. ...
      (RedHat)