> > On Wed, 17 Oct 2001, Sweth Chandramouli wrote: > > MTAs can be run in local-delivery-only mode: I, personally, would > > probably opt for a single login mechanism on a secure server, rather > > than a push mechanism to get the files to the admin workstations. It's > > Agreed. My intent in asking the question was actually focused more on > how the login mechanism should work. Should admin workstations be > allowed to log in? Should physical presence on the loghost be required? IMHO, it's necessary in many cases to permit remote login so that admins can do debugging without being physically present (a site staffed 7x24 might be able to get away without this). However, the authentication mechanism should preferrably not depend on network resources. E.g. home dirs should be local, don't use NIS, etc.. I personally prefer a local homedir with a local .ssh/authorized_keys file where the associated identity file is sufficiently encrypted. An exception to the local auth requirement may be made if something like SecurID is being used to a server on the net. cheers, bl -- //====== Brett G. Lemoine -=- <blat_private> ===============================\\ || Info. Systems Architect | || ||Core Unix System Services| I just want revenge. || || Incyte Genomics | Is that so wrong? || ||Palo Alto, CA / Plano, TX| || |+-------------------------+-------------------------------------------------+| \\== PGP Key Fingerprint: 68 A1 2A 2D 82 CE E9 70 5B 80 D1 11 EC F3 FB 85 ==// --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 15:53:14 PDT