SUMMARY - NIS+ credential propagation

From: Peter D. Gray (pdg@draci.its.uow.edu.au)
Date: Sun Feb 21 1999 - 21:30:06 CST


My original message was:

>
> Background - I have a group of SUNs (mixture of 2.6 and solaris 7)
> and I want to move to secure NFS as the file sharing
> technology.
>
> If a user signs on normally (supplying a password)
> then the users secret key is decrypted and secure
> RPC and hence secure NFS work fine. The secret key is
> cached in keyserv as far as I know.
>
> However, what happens if a user logs into another machine
> using SSH or similar where a password is not required
> for authentication? On the new machine the secret key is not
> available because the password has never been supplied
> to decrypt the users secret key and NFS does not work
> for the user. This is bad.
>
> Question - is there any way to propagate the secrey key
> between machines when a user logs into one machine
> from another without supplying a plain text password?
>

I only received a few replies and the final answer appears to be
that credentials are not propagated and you would have to
write your own system to make it happen.

However, SUN have a new product in the pipeline called SEAM which
will (I hope) address my problem as well as a few other security
issues. SEAM will be part of Solstice Enterprise Manager.
Some information on SEAM is available on the SUN website.
Release is slated for mid year.

Many thanks to those who replied.

Regards,
pdg



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:15 CDT