Re: Centralizing Logins
Message from To debian-user@lists.debian.org at 05/06/00 12:22:52PM:
> We are currently building up several servers, all of which will be
> hosted here locally. The thing is, it's going to be more than 25
> servers. Maintaining user accounts on all these bastards is going to be
> hell.
>
> I've managed to get the pam_radius_auth module to work on solaris,
> linux, and BSD. THe problem is that this module is limited to
> authentication and that's it. Is there some method of centralized
> authentication that will pass session data AND accounting data? NIS is
> no good for us because of the security issues. I've looked at NIS+ but
> it doesn't seem to be what I'm looking for?
>
> I'm assuming someone else out there has had to do this? Before I go
> writing another PAM module, I want to see if this is going to be
> easy....
>
> Any help would be great.. Thanks!
>
> Benjamin
Benjamin:
We are currently looking into solutions for this on our campus where we
have approximately 60 linux boxen and need to have a way of keeping accounts
centralized.
We are right now using NIS+, however, it has very patchy linux support
and is proprietary (read: evil). Just recently we got a OpenLDAP server
working with libnss_ldap, through a stunnel connection for secure transport of
NSS info. We're going to implement this later this summer.. If security
between these servers isn't a huge deal (read: internal network), you
shouldn't even need to mess with the stunnel. It is a much more open protocol
and the only thing that it is lacking to NIS+ right now is that netgroups
is not working.
Michael Janssen
CNS Network Administrator
University of Northern Iowa
Reply to: