
Re: [cobalt-security] Multiple Passwords for each user on the Raq ??



Kul schrieb:

> Q1.    Is it possible to set up user accounts, giving them different passwords for
> different services on the Raq, i.e. Email, FTP, SSH .......

email : you could create another account for a user, disable shell
access and forward mail (or create an alias) to the "mail-only" account
(a personal web directory will be created by default, though).

ftp (i'm not sure with proftpd) and ssh require shell access (a valid
shell entry in /etc/passwd).

> The POP email and GUI logins (in fact all logins) concern me a little in that
> encryption is not mandatory, so my feeling is that if my users have a SMALL

you could use ssl encryption for the gui (or better, disable gui access
for your users altogether by commenting out the rewrite rules in httpd.conf).

another possibility to avoid unencrypted traffic would be to use ssh's
port forwarding capabilities and allow the services started by inetd to
respond only to local requests.

instead of ftp, you could use scp (secure copy from ssh). i remember a
security hole some time ago concerning some 1.2.x versions...

 
> Q2.    Is there any software on the Raq/Linux that is able to inform a user that their password has not been changed for a specified length of time?  And subsequently close/suspend the account if the password is not changed within a specified time limit.

PAM (pluggable authentication modules)

man chage

btw : you should not expect to be able to secure a default cobalt like a
standalone mainframe environment. if you really *need* high security,
pull out the network cable ;-)

some basic measures are possible without breaking the cobalt's
functions, but if you need more security and want a free OS, you should
consider Debian Linux or BSD, without the goodies of the cobalt, though.

cu


-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Apollo 13 - Commander : "Houston, we have a problem"
Win2000 - Administrator : "Redmond, we have 64000 problems"
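
An added example, not part of the original post: the password-aging limits that `chage` sets are stored in the shadow file, so a short script can report which accounts are due a warning, expired, or past the inactivity limit. The function names, the sample accounts and the state labels are assumptions made for illustration, and the boundary handling approximates what the login tools do.

```shell
#!/bin/sh
# Added example. Classifies shadow(5)-format lines by the aging fields that
# chage(1) maintains, e.g. after:  chage -M 90 -W 7 -I 14 username
# Fields: 1 name, 3 last change (days since 1970-01-01), 5 max age,
#         6 warning days, 7 inactivity days.
# usage: pw_age_report TODAY < file    (TODAY = $(( $(date +%s) / 86400 )))
pw_age_report() {
    awk -F: -v today="$1" '
    # No last-change date or no effective maximum: aging is not enforced.
    $3 == "" || $5 == "" || $5 + 0 >= 99999 { print $1, "no-aging"; next }
    # A last-change value of 0 forces a change at the next login.
    $3 + 0 == 0 { print $1, "must-change"; next }
    {
        left = $3 + $5 - today          # days until the password expires
        if (left <= 0 && $7 != "" && -left >= $7 + 0) state = "inactive"
        else if (left <= 0)                           state = "expired"
        else if ($6 != "" && left <= $6 + 0)          state = "warn"
        else                                          state = "ok"
        print $1, state, left
    }'
}

# Constructed sample data (HASH is a placeholder, not a real hash).
sample_shadow() {
    cat <<'EOF'
alice:HASH:19990:0:90:7:14::
bob:HASH:19915:0:90:7:14::
carol:HASH:19905:0:90:7:14::
dave:HASH:19880:0:90:7:14::
erin:HASH:19000:0:99999:7:::
frank:HASH:0:0:90:7:14::
EOF
}

# Demo run with a fixed "today" of day 20000 so the output is reproducible.
sample_shadow | pw_age_report 20000
```

Run against the real shadow file this needs root, and the output could be mailed to the affected users from cron.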