On Fri, 30 Oct 2009 15:58:55 +0100 Bram Senders <b...@luon.net> wrote:
> Hi there, > > I'm considering using libnss-pgsql for using the same authentication > information on several machines, and I'm interested in the following. > If you want to make a system of multiple machines does not recommend the use of NSS and network access to NSS for *authentication* at all (it does not matter libnss-pgsql2 or another module) Otherwise, in this case the attacker by breaking one of the machines to obtain root permission will be able to immediately take all logins and passwords hashes from your NSS DB. NSS can be used for authorization but not for authentication. Use PAM instread it.
signature.asc
Description: PGP signature
