
Re: Centralized /etc/passwd ?

Paladin <paladin@paladin.net.dhis.org> writes:
> On 24 Jun 2002 15:01:47 -0500
> Ron Johnson <ron.l.johnson@cox.net> wrote:
>>  I've heard that NIS isn't very robust.  Might LDAP be a better
>>  choice?  Or is there an important integration between NIS & NFS?
> Funny... I think I've heard something about NFS being kind of
> "old"... I may be wrong though! :/
> NIS & LDAP... I'm on the good track now! Thanks everyone! =)

In the "overkill" department, you might consider using Kerberos and
AFS; this doesn't deal with distributing the contents of the
/etc/passwd file (you'd probably need LDAP for that, something like
Hesiod would *work* but you probably don't want it for new
deployments).  If you're dealing with significant numbers of users,
AFS lets you do things like spread volumes out across servers and have
actual authentication and ACLs; NFS "security" is a joke, and if you
have just one NFS server, you're really hosed if it goes down...

> BTW, what's more secure? Putting everything in the firewall PC or on
> any other one that's inside the firewall?

It's almost certainly easier to avoid publishing your NFS server to
the world if you keep it inside the firewall and then tell the
firewall to not forward NFS packets.  (Though I've never actually
tried to set this up.)  It's also conceivable that network services
that attempt to be clueful about network interfaces will get confused
by living on the firewall machine, particularly if your setup is

David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
