Forum Replies Created

  • smb445
    Participant

    No – the AD plug-in doesn’t support SSL connections… you might be able to monkey around with ssh tunneling, but you have to do a lot of heavy lifting on both sides of the fence and wander far afield into unsupported territory.

    Out of curiosity – if a user could determine someone’s group memberships, what does that buy them (from a security breach perspective)?

    smb445
    Participant

    rmleonard,

    The main problem is getting access to the memberOf attribute on user and group accounts. By removing Everyone from the pre-Win2k group, machines no longer have access to read that data – you could narrow the scope of what you need by creating a new group (or using the Pre-2K group) with the computer accounts and granting those members access to the memberOf attribute itself. That way you can determine group memberships (which is what you want) and still gain the other security benefits.

    -smb
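
The delegation described in the post above, as an added example that is not part of the original thread: create a dedicated group for the computer accounts and grant it read access to the memberOf attribute only. The domain DN, NetBIOS name, OU and group name are placeholders, and the script assumes the ActiveDirectory PowerShell module and `dsacls` are available on an administrative workstation.

```powershell
# Added example: every name below is a placeholder or hypothetical, not from the thread.
Import-Module ActiveDirectory

$DomainDN   = 'DC=example,DC=com'      # placeholder domain
$NetBIOS    = 'EXAMPLE'                # placeholder NetBIOS domain name
$ComputerOU = "OU=Clients,$DomainDN"   # placeholder OU holding the bound computer accounts
$GroupName  = 'MemberOf-Readers'       # hypothetical group name

# 1. Create the dedicated group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
                -Path "CN=Users,$DomainDN"
}

# 2. Add only the computer accounts that need to resolve group memberships,
#    skipping accounts that are already members.
$existing  = @(Get-ADGroupMember -Identity $GroupName |
               Select-Object -ExpandProperty DistinguishedName)
$computers = @(Get-ADComputer -Filter * -SearchBase $ComputerOU |
               Where-Object { $existing -notcontains $_.DistinguishedName })
if ($computers.Count -gt 0) {
    Add-ADGroupMember -Identity $GroupName -Members $computers
}

# 3. Grant Read Property (RP) on the memberOf attribute only, inherited (/I:S)
#    to user and group objects below the domain root. No other attribute is exposed.
foreach ($class in 'user', 'group') {
    dsacls $DomainDN /I:S /G "$NetBIOS\${GroupName}:RP;memberOf;$class"
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for object class '$class'" }
}

# 4. Review the resulting ACEs for the group.
dsacls $DomainDN | Select-String -SimpleMatch $GroupName
```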
