[NTLUG:Discuss] Apache/Samba password sync

MadHat madhat at unspecific.com
Fri Apr 26 13:31:58 CDT 2002


On Fri, 2002-04-26 at 11:27, S. Bradley Christian wrote:
> Is there a safe way to implement a single user account/password between my
> Samba PDC and an Apache webserver out in my dmz?
> 
> Along the same lines, is it advisable to use a dual-homed Apache web server,
> one interface public and one on the lan?

There are perl modules to do SMB authentication that you could use, and
there are some NTLM auth modules for Apache being developed
(modntlm.sourceforge.net, IIRC).  You have 2 security issues with this,
one is opening the PDC and the network it is on to the DMZ (whether it
be via ACLs through a firewall or via a dual homed machine, it is still
a hole) and that you then have a way to brute force your NT accounts, or
lock them out causing a simple account DoS.  (not that brute forcing
passwds is not possible without NTLM auth, but it opens it up to a new
realm).

> 
> Thanks,
> Brad
> 
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
> 
-- 
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
