Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
On Thu, Aug 22, 2013 at 10:58:03AM +0200, Mike Gabriel wrote:
> Hi Moritz,
>
> On Do 22 Aug 2013 10:14:36 CEST Moritz Molle wrote:
>
> >I see the problem just in having redundant data in many databases
> >scattered around the system. i don't really get, why this is better than
> >not using kerberos at all and authenticating like in skole5/lenny
> >against the ldap.
>
> The reason for setting up Kerberos is: for Debian jessie we plan
> NFSv4+Krb5. At the moment, unwanted NFS access to the Debian Edu
> network is still way to easy.
>
Already tested manually. The only problem is the key distribution.
Works like a breeze.
I wouls also suggest to check if OpenAFS would be better choice
than nfsv4-krb5.
In OpenAFS the homes are mounted each with private
kerberization, not like in nfsv4 where the kerberized mount is done
at partition level.
I think that in OpenAFS once an user is logged
and the homedir mounted, it is impossible that he can access
other's homes.
Regards
Giorgio
--
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48
Reply to: