On Sun, 2005-06-05 at 08:31 -0500, akonstam@xxxxxxxxxxx wrote: > > > Ok, now the question. I have been hearing from people about security > > > flaws. Well what about about this. A number of our faculty have set up > > > their personal machines as NIS clients. It makes it easier to get to > > > their class related files. My feeling this is a tremendous security > > > hole, since a first important step in hacking a machine might be logging in > > > to the machine. Making faculty personal machines NIS clients > > > means that any of the 1000 or so students can log in to the faculty > > > machine. Does any one else think that this is a bad idea, or am I > > > confused? > No that is not the problem I am talking about. To hack a machine > remotely is a hell of a lot harder to do from a different machine > than it is if you are logged on to the machine you want to hack. It > has nothing to so with whether or not the instructor leaves his > machine logged on. Well not nothing but I am not talking about that > situation. > > I am not concerned if people disagree with me but I am frustrated that > I can't clearly formulate my question so people see what I am asking. First, this is a wrong list to discuss this - you should have posted this to fedora-list. You can close this hole easily by adding 'account required pam_access.so' to the system_auth pam config file. You will put all instructors to some group - f.e. 'instructors' and add a line to the /etc/security/access.conf: '-:ALL EXCEPT root instructors:ALL' This will disable login access for all people except root and instructors. -- Tomas Mraz <tmraz@xxxxxxxxxx>