[Gllug] Selective SSH logins
Jose Luis Martinez
jjllmmss at googlemail.com
Tue Aug 26 17:35:52 UTC 2008
2008/8/26 Daniel P. Berrange <dan at berrange.com>:
<snip>
> And if you have NFS home directories, and aren't requiring Keberized NFS
> clients, then SSH keys are worse than useless thanks to NFS' complete lack
> of a security model (ie it trusts clients to be truthful wrt to UIDs). And
> if you are requiring Kerberized NFS, then you can just use GSSAPI logins
> anyway, so don't need SSH keys. SSH keys + NFS home dirs == recipe for
> disaster. Of course non-Kerberized NFS + password login is no better
In a previous job of mine NFS + ssh keys was a grave offence that
could lead to dismissal, a justified policy if you ask me.
> either.
>
> Daniel
> --
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list