NIS/NFS question

[Wayne Pinette]

Yes, I guess I should have mentioned that we thought of this, and we
have this capability, but the individual who is in charge of the switch
ports would really really really like to come up with a different
solution :-).  

Good one though  :-)

Wayner


>>> Will McDonald <wmcdonald at gmail.com> 06/29/05 3:37 pm >>>
One potential solution, if you have the facility, could be to lock
your switch ports to the MAC addresses of each specific lab host's
network cards? That way no one can just wander in and connect
unauthorized hosts to your network.

Will.



On 29/06/05, Wayne Pinette <Wpinette at tru.ca> wrote:
> I have a question regarding NIS and was wondering if anyone had any
> ideas.
> 
> We are creating a Linux workstation lab for students.  We have a
> central linux box which teh students can ssh into from home.
> The lab is a place where they can log in and work on their work.  We
> are using NIS to authenticate the workstations and we are nfs
mounting
> the /home directory.  This is all pretty standard and make sense. 
Here
> is the problem :
> 
> If a student walks into the lab with their laptop running their
> favourite linux to which they have root access, unplugs a
workstation,
> plugs in their laptop, hardcodes the worksation's ip, sets ups his
> laptop to nis authenticate and nfs share just like the workstation,
> logs in as root, he can now su to any student id on the system.
> Although I quash root on the nfs share, it does not stop this
student
> from getting access to any other students (or instructors) material
on
> the server.  Although my nis server only trusts a small list of
> ip addresses, it's trust is still only based on ip.  Is there a way
to
> add some sort of certificate trust to nis or some other mechanism to
> check against
> before nis will trust a machine on it network other than just ip?
> 
> Wayner

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe 
https://www.redhat.com/mailman/listinfo/redhat-list