Re: Linux clients in network - experiences?
Ühel ilusal päeval [20-03-2004 04:42] kirjutas Adrian 'Dagurashibanipal' von Bidder:
[...]
> Server/network set up
> - unix account management: I suspect NIS is not really an option in a
> security conscious environment (just hearsay, though, I'll look at it).
> Kerberos? With pam there should be no problem with integration. Others?
For central account management LDAP seems to be good alternative. PAM
and NSS have modules for that. There is link to one guide, which helped
me a lot.
http://homex.subnet.at/~max/ldap/index.php
[...]
> - authentication: I favor USB tokens (since ssh/pgp secret keys could be
> stored there, too). $BOSS wants fingerprint auth. What solutions do exist (I
> see there's an ITP out for libpam-usb. What about Linux-supported
> fingerprinting systems? Laptops?)
Here in Estonia we have this ID-card, which is actually a smartcard with
a chip. This is mandatory for every citizen and it can be used for
identification and digital signatures. Anyway, the point is, that such cards
can be used for login authentications, the opensc project has PAM module
for that. IMO the smartcards are better than fingerprint auth, since
they can be used for other things also (digital signatures, encryption).
http://www.opensc.org/
Juhan
Reply to: