Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)

To: debian-edu@lists.debian.org
Subject: Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
From: Giorgio Pioda <gfwp@ticino.com>
Date: Thu, 22 Aug 2013 11:11:51 +0200
Message-id: <[🔎] 20130822091151.GA12779@macchianera.pioderia.lan>
In-reply-to: <[🔎] 20130822105803.192937ef7yzuw3a3@mail.das-netzwerkteam.de>
References: <[🔎] 5214C68E.9080702@gmx.net> <[🔎] 20130821110503.GY7363@diskless.uio.no> <93c497cb-7c03-4218-8357-a7a5a511b6eb@email.android.com> <[🔎] 20130821183006.GE1809@ulrik.uio.no> <[🔎] 20130822082813.15725gmdoxhsctbx@mail.das-netzwerkteam.de> <[🔎] 20130822065733.GC7363@diskless.uio.no> <[🔎] 5215C86C.2080308@gmx.net> <[🔎] 20130822105803.192937ef7yzuw3a3@mail.das-netzwerkteam.de>

On Thu, Aug 22, 2013 at 10:58:03AM +0200, Mike Gabriel wrote:
> Hi Moritz,
> 
> On Do 22 Aug 2013 10:14:36 CEST Moritz Molle wrote:
> 
> >I see the problem just in having redundant data in many databases
> >scattered around the system. i don't really get, why this is better than
> >not using kerberos at all and authenticating like in skole5/lenny
> >against the ldap.
> 
> The reason for setting up Kerberos is: for Debian jessie we plan
> NFSv4+Krb5. At the moment, unwanted NFS access to the Debian Edu
> network is still way to easy.
> 

Already tested manually. The only problem is the key distribution.
Works like a breeze.

I wouls also suggest to check if OpenAFS would be better choice
than nfsv4-krb5.

In OpenAFS the homes are mounted each with private
kerberization, not like in nfsv4 where the kerberized mount is done
at partition level.

I think that in OpenAFS once an user is logged
and the homedir mounted, it is impossible that he can access
other's homes.

Regards 

Giorgio

-- 
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48

Reply to:

References:
- Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e
  - From: Moritz Molle <mmolle@gmx.net>
- Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e
  - From: Petter Reinholdtsen <pere@hungry.com>
- Password hashes in Debian Edu (and migrating from pre-Squeeze installations) (Was: Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e)
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations) (Was: Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations) (Was: Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e)
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
  - From: Moritz Molle <mmolle@gmx.net>
- Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Prev by Date: Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
Next by Date: Re: Include a backport of the Geode X driver in Debian Edu Wheezy? (Was: Second beta release (beta 1) of Debian Edu/Skolelinux based on Debian Wheezy)
Previous by thread: Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations)
Next by thread: Bug#720396: marked as done (debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e)
Index(es):
- Date
- Thread