On Tue October 12 2004 21:02, Shawn wrote: > I'm getting to a point where I have too many Linux systems running and have > a need to login to each of them on a regular basis. So, instead of running > SSH sessions to each box when I need access I'd like to switch things over > to a central authentication system, and allow remote file access.
Sounds like a job for Kerberos and NFS, respectively. Disclaimer: I know nothing about NIS. > This would be done in a completely Linux environment, so I have no need for > Samba to allow windows access (well, maybe, but I can handle that > separately). I'm not looking for an SMB/CIFS solution as I have experience > with Samba, but don't have any with NFS/NIS, or whatever else is needed. FWIW, I hadn't any experience with NFS either until recently; it's the same thing as SMB, only different. ;-) By that I mean that although it takes a little bit of reading to get up and running, in essence it's just file sharing for Unix. So, in the end it makes even more sense than SMB since it's meant for your environment. > I've tried to look into NFS and NIS, but havent been able to find a clear > description of either that suggests which is better suited for my needs (or > if I need both). I suspect I'll need NIS, to provide the authentication > services, and NFS to allow generic file access. Is this correct? AFAIK. > Can this be done with NFS alone? No, you still need to give _somebody_ permissions to the shares you create (sorry for using Windows terminology -- "exports" in NFS lingo). By default, it's going to come from the local /etc/passwd (or /etc/exports; whatever -- at any rate, it's local). So a centralized authentication service is still in order. > Or should I be looking at LDAP? I don't think LDAP is what your looking for in this instance (please correct me if I'm wrong). LDAP is a directory service, which means almost by definition you have a large number of items that need to be cataloged. I don't think that's the case here. It sounds like you only need 1 or 2 accounts, but they need to seamless access across multiple hosts. Is that correct? > In the Windows world, I'd be looking for a Domain Controller. What is the > (approximate) equivalent in the *nix world? A default install of any major commercial distro (or Debian)? ;-) Seriously, the beauty/pain of GNU/Linux/BSD/etc. is the choice. In this case, you get to put together the pieces of the puzzle. You get to build your own DC! While that means work, in the end it's always worth it. I guess the question is whether you need it in a hurry or not. Kerberos is not for the faint of heart, but very cool when you get it (and some Kerberized apps) running for you. Not to mention secure. ;-) I'm sure you'll hear about some other alternatives as well. > Thanks for any tips. (And of course, I'm still doing my own research as > well.) Let me know if you find any better options! Sincerely, Curtis S. _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
