OpenBSD Journal

[BSDCon 2002] Todd Miller's slides available

Contributed by Dengue on from the what's-new-in-3.1 dept.

Todd Miller has made his presentation from BSDCon 2002 available online. Of particular interest are his "What to look forward to in 3.1" and "Longer Term projects" slides.

I'm excited about the added UltraSPARC support now that I have an Ultra 5. Now, if only LDAP could make it as a supported BSD Authentication method, I'd giggle like a schoolgirl.



Comments
  1. By Alejandro Belluscio () baldusi@hotmail.com on

    Doesn't YP equate to LDAP?
    I think that this was the case under Red Hat.
    Anyway, it's not a good idea to use LDAP for authentication. It's easy, but not very secure. Better yet, use Kerberos V. But keep in mind that if anybody can get your password, even under Kerberos V, they have access to the whole network.
    That's why I prefer to have separate password files and a list of very difficult-to-guess passwords. If you have too many systems, try at least not to create one user with root access for all of them. Try to separate them by type of system and work if possible.

    Comments
    1. By knomevol () on

      First of all, YP != LDAP. YP is NIS after a lawsuit from one Bell company or another ("yellow pages" is (c) and (t)).

      Second of all, LDAP is secure if you implement it securely.

      And, thirdly, in corporate environments where there are hundreds or thousands of servers it would be by far less secure to try and handle employee turnover across hundreds or thousands of /etc/passwd files than centralizing internal-user authentication via LDAP.

      Comments
      1. By Alejandro Belluscio () baldusi@hotmail.com on

        Playboy.com was hacked because they compromised the LDAP account. Please understand what I'm saying: if you use LDAP, then have as many root accounts as possible, especially for servers configured differently, so that if there's a compromise in one of them, the intruders can't infect the other systems with the privileges they earned on that server.

        Comments
        1. By Roo () on

          Yeah, but surely you can still control who has access to what subsystem though?

          Therefore, although the authentication is centralised, you can still implement the old-style disjointed system by having multiple accounts set up for a particular person.

          Cheers,
          Rupert

  2. By Anonymous Coward () on

    Does anyone have any advice on troubleshooting an UltraSparc 10? I was able to install OBSD 3.0 from the CD quite easily on an Ultra10, but it is acting flaky. I don't have anything to compare it to, to see if it is early code or bad hardware. I guess I could go back and install Solaris 2.7 on it, but is there an easier way?

    How do you isolate bad hardware vs. software when dealing with Sparcs? Intel platforms are pretty plentiful, and easy to swap parts on.

    I hope 3.1 Install.sparc64 gives some general advice on working with hardware. I think it is great that the platform is supported.

    Comments
    1. By Ernie () on

      Get into the firmware, basically the BIOS. A few ways to do this: from Solaris, type 'init 0', or 'halt' should work in Solaris or OpenBSD. Another way is to hit the 'Stop' and A keys on your Sun keyboard at the same time. Yet another is to hook a serial cable up and send a break signal ... Anyway, once at the 'ok' prompt try typing:
      test-all

      help diag will give you some basic usage information ... this is some basic built-in diagnostics ... might point you in the right direction.

  3. By Gimlet () on

    Okay, this is what I like about the OpenBSD project. The developers actually have a gameplan of what they want to accomplish, and then go about getting it done. Very professional.

  4. By Nobody () on

    I giggle like a school-girl daily. It doesn't take much.
