On Fri, 30 Oct 2009 15:58:55 +0100
Bram Senders <b...@luon.net> wrote:

> Hi there,
> 
> I'm considering using libnss-pgsql for using the same authentication
> information on several machines, and I'm interested in the following.
> 

If you want to make a system of multiple machines does not recommend
the use of NSS and network access to NSS for *authentication* at all (it
does not matter libnss-pgsql2 or another module)

Otherwise, in this case the attacker by breaking one of the machines to
obtain root permission will be able to immediately take all logins and
passwords hashes from your NSS DB.

NSS can be used for authorization but not for authentication. Use PAM
instread it.

Attachment: signature.asc
Description: PGP signature

Reply via email to