[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)

On Thu, Aug 22, 2013 at 10:58:03AM +0200, Mike Gabriel wrote:
> Hi Moritz,
> On Do 22 Aug 2013 10:14:36 CEST Moritz Molle wrote:
> >I see the problem just in having redundant data in many databases
> >scattered around the system. i don't really get, why this is better than
> >not using kerberos at all and authenticating like in skole5/lenny
> >against the ldap.
> The reason for setting up Kerberos is: for Debian jessie we plan
> NFSv4+Krb5. At the moment, unwanted NFS access to the Debian Edu
> network is still way to easy.

Already tested manually. The only problem is the key distribution.
Works like a breeze.

I wouls also suggest to check if OpenAFS would be better choice
than nfsv4-krb5.

In OpenAFS the homes are mounted each with private
kerberization, not like in nfsv4 where the kerberized mount is done
at partition level.

I think that in OpenAFS once an user is logged
and the homedir mounted, it is impossible that he can access
other's homes.



Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48

Reply to: