[Asterisk-Users] Asterisk vs. system user accounts

Steven Critchfield critch at basesys.com
Tue Jun 24 12:23:41 MST 2003


LDAP is a _MUCH_ better solution to that problem than user accounts on a
machine. Even if you have a /bin/false shell, users could cause trouble
with your system. For security reasons you want to keep the number of
accounts low and the number of accounts with password protected access
even lower. So using the built-in passwords for a system would only make
you more likely to be rooted on a machine that your business will depend
upon.

After saying LDAP is a better choice than system users, I still wonder
why it is important to have users be able to change passwords here. In
small deployments, it isn't going to happen often enough to bother the
administrator. In office environments, you shouldn't have to modify
passwords. Only when you have people roving around should you be worried
about password changes to keep them secure. 

OF course you should also first try to see how hard LDAP is to get setup
and secured before trying to link it into asterisk.

On Tue, 2003-06-24 at 12:07, Reed Wade wrote:
> Because you haven't written and contributed that functionality yet.
> 
> (smiley face goes here)
> 
> That sounds pretty sweet. I'm wondering if LDAP might be the more
> correct thing to use though.
> 
> -reed
> 
> 
> 
> At 10:50 AM 6/24/2003 -0600, you wrote:
> >I've been scouring the archives for discussions on this:
> >
> >Why doesn't Asterisk use system user accounts for each extension/mailbox? 
> >That would add the benefit of encrypted passwords, logical grouping, 
> >unified mail/voice mail accounts (using /var/spool/mail instead of 
> >/var/spool/asterisk). I can already imagine Festival reading my emails to 
> >me, HylaFAX faxing documents to me while I'm on the road :).
> >
> >Dylan.
> >
> >
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
Steven Critchfield  <critch at basesys.com>




More information about the asterisk-users mailing list