Setting up 20 equal linux boxes -- More questions
Thanks for replies, I haven't been able to do a "real-life" test as the
computers didn't arrive yet. In the meantime I got some remarks here
which result in more questions.
I got a reply the is not on the list from Steve Stancliff
<stanclif@mil.ufl.edu>, he says:
> As others mentioned, NFS is the way to mount the
> homes from the fileserver. I advise not using
> autofs for mounting the homes, just mount them
> in fstab. Autofs is very flaky.
Could anyone comment on this and mention the pros and cons of both
solutions?
Why is autofs flaky?
> Also, NIS is the usual method of synchronizing files,
> such as /etc/passwd, but NIS also is flaky, and it
> supposedly has security issue. NIS also defeats
> password shadowing, since it will pass the shadow
> file in the clear. On our system I replaced NIS with
> a password distribution system using scp (part of ssh).
I also heard that NIS is not very secure, and as mentioned before there
already is an LDAP-server on the Server-Box which could serve as a
User-Database as well (using PAM).
Has anyone done this before?
> If you don't allow users to change their passwords
> (which is often a good idea, so you can enforce
> reasonably strong passwords), then you don't need
> automated distribution anyway - you can just scp the
> passwd files after you change them. If you use a
> public-private keypair for authentication of root,
> then you can do this without having to type in all
> the passwords. But then in that case if someone
> gets root on your server, he has root on all machines.
> (But really, if he has root on your server you're
> hosed anyway.)
Weak passwords are not so much a problem as the people who use the
computers are not so evil. If everyone has her own background image to
play with they won't try to spy out passwords ;-}
If you there are HOWTOs, FAQs, manuals or other resources on the web
that answer all these question, please tell me!
Thanks a lot!!
- Konrad Mierendorff
Reply to: