Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!rpi!zaphod.mps.ohio-state.edu!wuarchive!psuvax1!rutgers!soleil!mlb.semi.harris.com!dave.mis.semi.harris.com!dcb
From: dcb@dave.mis.semi.harris.com (Dave Brillhart)
Newsgroups: comp.unix.ultrix
Subject: ENHANCED SECURITY ULTRIX 4.1
Message-ID: <1991Mar6.212110.22576@mlb.semi.harris.com>
Date: 6 Mar 91 21:21:10 GMT
Sender: news@mlb.semi.harris.com
Reply-To: dcb@dave.mis.semi.harris.com (Dave Brillhart)
Organization: Harris Semiconductor, Melbourne, FL
Lines: 19
Nntp-Posting-Host: dave.mis.semi.harris.com

This weekend, we are are planning to enable the ENHANCED security features
on our  2 5830's, a 5820, and a 5500.  Currently we are only using the
standard BSD security [features?] with a seperate host file and passwd file
on each (acutally 2 are trying to use YP). We are also planning to run BIND/
Hesiod and Kerberos in an effort to use a secure single host file and single
user authorization file for all systems.

We've run across a few gotchas before this weekend, like:

  o  All passwords become invalid and are non-recoverable.
  o  You cannot su to a priv account from a non-secure terminal.

I'm sure this will be an interesting weekend. If anyone can save me a
a few late night hours with tips/hints/suggestions/..., I'd appreciate it.

-- Dave Brillhart
     Harris Semiconductor
     Palm Bay, FL
     (407) 729-5430