newbie vserver/auth question.

Japie japie at deserver.nl
Sun Mar 27 09:15:16 PST 2005


Hello,

Introduction:
After some suxsesfull lfs builds whereoff one is my server wich is in the
air now for 1.5 year without being hacked, I'am going to replace it with
am ppc based server and since it's the only ppc in the house I realle not
want that machine to be hacked.

So I read the hlfs book and it looks promising but still some questions
remains, doo they seem to be more bhlfs related.

First problem is, will I build and use servers (apache, postfix, samba) 
the normal way (chrooted if possible, else yust as they are) or will I use
vserver? (I never used it, but yust read the page and it sounds promising
and safe)
Since I'am not really into security I was hoping to get some feedback
about this here.
Is vserver really a solution?

The second thing I'am wondering is about auth, currently I'am using
standard shadow on my server, it's a stand-alone with all services inside,
only one samba machine uses the server as domain controler.
It's tempting to start using something fancy as PAM or even more fancy
LDAP, but aren't extra apps. an extra security risk?
Or does PAM add's an extra security to the standard login mechanism?
LDAP could be usefull if servers are running in vserver and can't access
the passwords files, but is that safe?

I know this is a long mail, and probebly not very welcom, but maybe you
are willing to give me some usefull information.
-- 
Groetjes Japie



More information about the hlfs-dev mailing list