Re: numeric UIDs - Neil Brown

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Neil Brown <neilb@suse.de>
To: David Brodbeck <brodbd@u.washington.edu>
Cc: linux-nfs@vger.kernel.org
Subject: Re: numeric UIDs
Date: Thu, 12 Aug 2010 09:06:02 +1000	[thread overview]
Message-ID: <20100812090602.3a24c2bd@notabene> (raw)
In-Reply-To: <03068BD0-0613-469E-B918-07019EC54055@u.washington.edu>

On Wed, 4 Aug 2010 14:32:06 -0700
David Brodbeck <brodbd@u.washington.edu> wrote:

> 
> On Aug 4, 2010, at 11:30 AM, Andy Adamson wrote:
> 
> > 
> > On Aug 4, 2010, at 1:06 PM, David Brodbeck wrote:
> > 
> >> 
> >> On Aug 3, 2010, at 7:02 PM, Trond Myklebust wrote:
> >> 
> >>> On Tue, 2010-08-03 at 18:42 -0400, J. Bruce Fields wrote:
> >>>> On Tue, Aug 03, 2010 at 06:31:15PM -0400, Trond Myklebust wrote:
> >>>>> On Tue, 2010-08-03 at 18:23 -0400, J. Bruce Fields wrote:
> >>>>>> On Tue, Aug 03, 2010 at 06:15:19PM -0400, Trond Myklebust wrote:
> >>>> 
> >>>>> 2) Why is AUTH_SYS so sacrosanct?
> >>>> 
> >>>> Because it's what almost everyone uses.
> >>> 
> >>> No. It's the _default_. ...and a really really bad default.
> >> 
> >> The problem is the only supported alternative is to set up Kerberos.  This is a lot of work, especially for established sites where it essentially requires every user to change their password during the migration.  It also creates problems with ticket expiration if you have daemons or batch jobs that need continuous access to NFS filesystems.
> > 
> > Changing passwords is a good thing - should be done on a regular basis anyway.
> 
> True, 

Not true.  Forced password changing encourages poor choice of passwords and
other poor practices.
Much better to choose a really good password and only change it when you have
reason to believe that it has been compromised, or when you get bored of the
old one.

(better still is two-factor authentication of course).

NeilBrown

next prev parent reply	other threads:[~2010-08-11 23:06 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-03  2:01 numeric UIDs Victor Mataré
2010-08-03 16:43 ` Jim Rees
2010-08-03 19:22   ` J. Bruce Fields
2010-08-03 21:49     ` Daniel.Muntz
2010-08-03 21:57       ` Jim Rees
2010-08-03 22:15         ` Trond Myklebust
2010-08-03 22:23           ` J. Bruce Fields
2010-08-03 22:31             ` Trond Myklebust
2010-08-03 22:42               ` J. Bruce Fields
2010-08-04  2:02                 ` Trond Myklebust
2010-08-04 17:06                   ` David Brodbeck
2010-08-04 18:30                     ` Andy Adamson
2010-08-04 21:32                       ` David Brodbeck
2010-08-11 23:06                         ` Neil Brown [this message]
2010-08-12 13:20                           ` Andy Adamson
2010-08-11 23:10                     ` Neil Brown
2010-08-05 15:34                   ` J. Bruce Fields
2010-08-11 23:22                     ` Neil Brown
2010-08-13 14:43                       ` Steve Dickson
2010-08-13 16:31                         ` J. Bruce Fields
2010-08-13 17:30                           ` Steve Dickson
     [not found]                             ` <4C658146.90207-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-13 17:37                               ` J. Bruce Fields
2010-08-13 18:43                           ` Chuck Lever
2010-08-17 17:46                             ` Tom Haynes
2010-08-17 18:18                               ` J. Bruce Fields
2010-08-17 18:43                                 ` Tom Haynes
2010-08-17 18:49                                   ` J. Bruce Fields
2010-08-17 19:21                                     ` J. Bruce Fields
     [not found]                         ` <4C6559FA.5070809-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-16  8:30                           ` Neil Brown
2010-08-13 14:40                 ` Steve Dickson
2010-08-03 19:22 ` J. Bruce Fields
2010-08-17 17:48   ` Tom Haynes
2010-08-17 18:24     ` J. Bruce Fields
2010-08-17 19:00       ` Tom Haynes
2010-08-17 20:08         ` David Brodbeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100812090602.3a24c2bd@notabene \
    --to=neilb@suse.de \
    --cc=brodbd@u.washington.edu \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).