Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
On Thu, Aug 22, 2013 at 10:58:03AM +0200, Mike Gabriel wrote:
> Hi Moritz,
> On Do 22 Aug 2013 10:14:36 CEST Moritz Molle wrote:
> >I see the problem just in having redundant data in many databases
> >scattered around the system. i don't really get, why this is better than
> >not using kerberos at all and authenticating like in skole5/lenny
> >against the ldap.
> The reason for setting up Kerberos is: for Debian jessie we plan
> NFSv4+Krb5. At the moment, unwanted NFS access to the Debian Edu
> network is still way to easy.
Already tested manually. The only problem is the key distribution.
Works like a breeze.
I wouls also suggest to check if OpenAFS would be better choice
In OpenAFS the homes are mounted each with private
kerberization, not like in nfsv4 where the kerberized mount is done
at partition level.
I think that in OpenAFS once an user is logged
and the homedir mounted, it is impossible that he can access
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48