
Re: NFS, password transparency, and security



On Sun, Apr 07, 2002 at 09:02:56PM -0500, Rob VanFleet wrote:
> I work for several University astronomers who basically want something
> like what they're used to at other places: a pure sun shop, running
> NIS and NFS.

Two choices for authentication (passwd + shadow):
(1) Kerberos
    Never used it. Can't advise you.
(2) LDAP
    Use LDAP (recompile --with-tls flag) + libpam-ldap + libnss-ldap to do
    the equivalent of NIS but securely.

Several choices for authorisation (pam_access.so):
(1) local /etc/security/access.conf listing all users
(2) local /etc/security/access.conf listing a group or netgroup
    - use local group file
    - use LDAP-distributed group or netgroup map

Several choices for file sharing:
(1) NFS + iptables + tcpwrappers
(2) SFS (see sfs-server sfs-client packages and www.fs.net)
    Requires users to authenticate against the file server, also.
    Consider using libpam-sfs (I'm rewriting it as we speak.)
(3) OpenAFS (see openafs-fileserver + openafs-client)
    Also requires users to authenticate against the file server, but
    when used in a Kerberos environment, you only have to logon once due
    to Kerberos' ticket-granting system.

Hope this (probably incomplete) list helps,

Luca

-- 
Luca Filipozzi, Debian Developer
[dpkg] We are the apt. You will be packaged. Comply.
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D
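
Added example, not part of the original message: a simplified Python model of how pam_access reads the access.conf option (2) listed above, showing that a group/netgroup allow line alone restricts nothing, because a login that matches no rule is granted. The group and netgroup names, members and rule lines are constructed; the `(group)` and `@netgroup` syntax is that of current Linux-PAM, and the origins field is not modelled.

```python
# Simplified model of pam_access rule evaluation (added example, not pam_access itself).
# Only the users field is modelled; the origins field is parsed but treated as ALL.

# Constructed sample data: group and netgroup membership as it might come from LDAP.
GROUPS = {"astro": {"rob", "alice"}}
NETGROUPS = {"observers": {"carol"}}

def token_matches(token, user):
    """Match one token of the users field against a login name."""
    if token == "ALL":
        return True
    if token.startswith("@"):                           # @netgroup
        return user in NETGROUPS.get(token[1:], set())
    if token.startswith("(") and token.endswith(")"):   # (group)
        return user in GROUPS.get(token[1:-1], set())
    return token == user                                # plain login name

def users_match(field, user):
    """Handle a single, non-nested 'list EXCEPT list' in the users field."""
    tokens = field.split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (any(token_matches(t, user) for t in tokens[:i])
                and not any(token_matches(t, user) for t in tokens[i + 1:]))
    return any(token_matches(t, user) for t in tokens)

def login_allowed(conf, user):
    """First matching line decides; if nothing matches, access is granted."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, _origins = (f.strip() for f in line.split(":", 2))
        if users_match(users, user):
            return perm == "+"
    return True  # pam_access default when no rule matches

# Option (2) from the list, without and with a closing deny rule (constructed).
OPEN_ENDED = "+ : root (astro) @observers : ALL\n"
CLOSED = OPEN_ENDED + "- : ALL : ALL\n"
# Equivalent single-line form using EXCEPT (constructed).
EXCEPT_FORM = "- : ALL EXCEPT root (astro) @observers : ALL\n"
```

The rules only take effect for services whose PAM stack includes pam_access.so, for example as an `account required pam_access.so` line.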

