[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Centralizing Logins

Message from To debian-user@lists.debian.org at 05/06/00 12:22:52PM:
> We are currently building up several servers, all of which will be
> hosted here locally.  The thing is, it's going to be more than 25
> servers.  Maintaining user accounts on all these bastards is going to be
> hell. 
> I've managed to get the pam_radius_auth module to work on solaris,
> linux, and BSD.  THe problem is that this module is limited to
> authentication and that's it.  Is there some method of centralized
> authentication that will pass session data AND accounting data?  NIS is
> no good for us because of the security issues.  I've looked at NIS+ but
> it doesn't seem to be what I'm looking for?
> I'm assuming someone else out there has had to do this?  Before I go
> writing another PAM module, I want to see if this is going to be
> easy....
> Any help would be great.. Thanks!
> Benjamin

  We are currently looking into solutions for this on our campus where we
have approximately 60 linux boxen and need to have a way of keeping accounts

  We are right now using NIS+, however, it has very patchy linux support 
and is proprietary (read: evil).  Just recently we got a OpenLDAP server
working with libnss_ldap, through a stunnel connection for secure transport of 
NSS info.  We're going to implement this later this summer.. If security
between these servers isn't a huge deal (read: internal network), you 
shouldn't even need to mess with the stunnel.  It is a much more open protocol
and the only thing that it is lacking to NIS+ right now is that netgroups
is not working.  

Michael Janssen
CNS Network Administrator
University of Northern Iowa

Reply to: