[NTLUG:Discuss] Apache/Samba password sync
S. Bradley Christian
webmaster at millerparker.com
Fri Apr 26 15:05:27 CDT 2002
Thanks Madcat, I'll think I'll stick to the better part of valor and make
remember *gasp* 2 passwords:)
-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of MadHat
Sent: Friday, April 26, 2002 1:32 PM
To: NTLUG-Discuss
Subject: Re: [NTLUG:Discuss] Apache/Samba password sync
On Fri, 2002-04-26 at 11:27, S. Bradley Christian wrote:
> Is there a safe way to implement a single user account/password between my
> Samba PDC and an Apache webserver out in my dmz?
>
> Along the same lines, is it advisable to use a dual-homed Apache web
server,
> one interface public and one on the lan?
There are perl modules to do SMB authentication that you could use, and
there are some NTLM auth modules for Apache being developed
(modntlm.sourceforge.net, IIRC). You have 2 security issues with this,
one is opening the PDC and the network it is on to the DMZ (whether it
be via ACLs through a firewall or via a dual homed machine, it is still
a hole) and that you then have a way to brute force your NT accounts, or
lock them out causing a simple account DoS. (not that brute forcing
passwds is not possible without NTML auth, but it opens it up to a new
realm).
>
> Thanks,
> Brad
>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
--
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list