Re: NMRC Advisory - Default NDS Rights

From: M. Baker (mbakerat_private)
Date: Sat Sep 19 1998 - 21:03:45 PDT

Next message: Simple Nomad: "Re: NMRC Advisory - Default NDS Rights"

Previous message: Niall Smart: "Re: Tcpwrapper 7.6 - feature -"
Maybe in reply to: Simple Nomad: "NMRC Advisory - Default NDS Rights"
Next in thread: Simple Nomad: "Re: NMRC Advisory - Default NDS Rights"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Very true.

Everyone get's [B]rowse object rights from the fact that they are included
as a member of the [PUBLIC] trustee which covers everyone authenticated and
those that are not. Your workaround was a little inaccurate. Just removing
the [PUBLIC] trustee as a trustee of [Root] will remove NDS functionality
of your users. What I suggest to most people is that they remove the
[PUBLIC] trustee and then make [Root] a trustee of itself and then give
[Root] Browse rights to itself. This gives users the ability to browse the
tree, not loose any functionality. Now they have to authenticate to see the
tree rather than just attaching.
Hope this clears things up.

BTW I wouldn't class this as a security problem, depending on your site you
may want [PUBLIC] to be a trustee of [ROOT] if you don't want that do what
I stated above.



Michael

Next message: Simple Nomad: "Re: NMRC Advisory - Default NDS Rights"
Previous message: Niall Smart: "Re: Tcpwrapper 7.6 - feature -"
Maybe in reply to: Simple Nomad: "NMRC Advisory - Default NDS Rights"
Next in thread: Simple Nomad: "Re: NMRC Advisory - Default NDS Rights"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:03 PDT