Contributed by jose on from the windows-administration dept.
Has anyone tried this on OpenBSD?
(Comments are closed)
OpenBSD Journal
Contributed by jose on from the windows-administration dept.
Has anyone tried this on OpenBSD?
(Comments are closed)
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Rob Lessard () on
Comments
By Anonymous Coward () on
By James Moss () moss at acmeunix dot org on mailto:moss at acmeunix dot org
I realize, seemingly a while ago now, pam had a few security issues, but I haven't heard anything for quite some time about these issues.
Comments
By Brad () brad@comstyle.com on mailto:brad@comstyle.com
By Anonymous Coward () on
By Anonymous Coward () on
(Yes, I know about smbclient and Sharity [light].)
Comments
By Anonymous Coward () on
SMBFS has been partially created (rumoured to be fairly functional) on FreeBSD, it's definitely a fixer-upper, but there's some base code at http://people.freebsd.org/~bp/smben.html
Comments
By Anonymous Coward () on
By RC () on
Why bother with tunneling NFS over SSH? Why bother with AFS and Kerberos, which have had numerous serious bugs, and require a full-fledged network infrastructure?
Comments
By Jacob () on
By Jan J () on
I work with AFS and it rocks socks. Need another terrabyte just jack in a server (or extra disk) and of you go. Move data while it is beeing accessed, paths don't change and so on.
However it should be said that setting up an AFS cell is not the easiest task, developemnt stod still for five years put many interesting things is on the way.
Comments
By Anonymous Coward () on
Umm, what?
> I work with AFS and it rocks socks.
I didn't say it's a bad remote filesystem by any means. However:
* It has had several security issues.
* There is a large installed base of SSH servers.
* Kerberos isn't the best system for inter-network security (eg. overlapping, independent administration)...
* Public-key is a much better security system over something such as the internet.
* I like TCP.
* SSH already has good compression built-in
* SSH has multiple ciphers of variable strength that can be negotiated both by the server, and the client.
And those are just the things that instantly come to mind.
Comments
By Hans Insulander () hin@openbbsd.org on mailto:hin@openbbsd.org
You're comparing a key distribution protocol to a remote login protocol.
By Jan J () on
AFS is enterprise stuff, it has alot of nice features when working with larger data amounts (think terra byte).
SFS(/SSH FS) is great for the homehacker who wants to share files with friends.
An example:
Your fileserver runs out of CPU or DISK.
AFS: Add another server/disk move some data (while people are using the same data) and you are done.
SFS: Either have downtime to exchange the server/disk or add another server/disk and get upset users when you tell them their file is now on foo:/bar instead of kaka:/bulle.
By Jan J () on
Development started 1984, what had security back then?
> * There is a large installed base of SSH servers.
Irrelevant, how it solves the problem is what is relevant.
> * Kerberos isn't the best system for inter-network security (eg. overlapping, independent administration)...
I am not sure how you mean. It serves our needs very well. Better than anything I have seen. (1300 users that need to login to 300 different machines both windows and UNIX with one password).
> * Public-key is a much better security system over something such as the internet.
Public-key is good but has a big problem. How do you exchange your keys? Either you trust verisign or you call the admin "Is this the correct key?" (Private-key has the same problem).
> * I like TCP.
I like ice-cream.
> * SSH already has good compression built-in
Yeah compression is such a huge problem. It almost impossible to implement.
> * SSH has multiple ciphers of variable strength that can be negotiated both by the server, and the client.
Keberos 5 has multiple cipers. This is irrelevant for the filesystem. A filesystem that needs crypto only needs one good cipher and a way to make sure the crypto is setup properly.
AFS has crypto. Not many use it because of overhead. Future versions will be able to tell what volumes/directories that should be encrypted saving CPU on files that are public anyway.
By scott () ess see oh tee tee AT mutiny.net on mailto:ess see oh tee tee AT mutiny.net
http://www.fs.net/
SFS is a secure, global network file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere. Anyone can set up an SFS server, and any user can access any server from any client. SFS lets you share files across administrative realms without involving administrators or certification authorities.
Comments
By RC () on
By Anonymous Coward () on
I've tried to resolve the issue to no avail. A base openbsd install and sharity installed either from ports or packages both fails. I've used sharity-light under all the previous versions of obsd with the same commands with no problem.
Any ideas on why sharity isn't working properly?
after axecuting this command:
(/usr/local/sbin/shlight //servername/share /localmount -n
I always get this error:
error connecting to server: [1] Operation not
permitted
Comments
By Guruh () on
By Anonymous Coward () on
also check the man
that's what i use, works fine :) but i'd rather have smbmount, or like someone else said scpfs/sshfs because sharity-light works rather slow.
By Nisse () .. on ..
And no the hw is not crappy ;)
Comments
By David () david@open6.net on mailto:david@open6.net
By Anonymous Coward () on
It turned out to be an IRQ conflict (with either the VGA or the SCSI cards I cannot remember) It was solved by moving the ethernet card (fxp) to another PCI slot.
Comments
By rX () on
at boot ?
mine start in mode 2 and must downgrade with errors..
thanks
By Rob Lessard () on
Anyway, the samba ADS (active directory) how to, states that the Heimdal libraries will not work in setting up a samba 3 system for kerberos authentication in an ADS environment. You must use the MIT libraries.
The implication was that you have a win2k domain controller running ADS, a win2k kdc and you are replacing a file or application server with a samba 3 system. This is making the assumption that the samba system would have to conform to the win2k standards.
I do not know what the impact of the above would be if you were attempting to use OBSD/samba 3 to replace the password servers/kdc and would therefore be authenticating to a heimdal system.
By Bolke de Bruin () bolke@skoll.nl on http://www.skoll.nl
No ldap used yet though, I might when they start mimicing a AD DC.
By Anonymous Coward () on