On Thu, Aug 22, 2013 at 10:58:03AM +0200, Mike Gabriel wrote: > Hi Moritz, > > On Do 22 Aug 2013 10:14:36 CEST Moritz Molle wrote: > > >I see the problem just in having redundant data in many databases > >scattered around the system. i don't really get, why this is better than > >not using kerberos at all and authenticating like in skole5/lenny > >against the ldap. > > The reason for setting up Kerberos is: for Debian jessie we plan > NFSv4+Krb5. At the moment, unwanted NFS access to the Debian Edu > network is still way to easy. >
Already tested manually. The only problem is the key distribution. Works like a breeze. I wouls also suggest to check if OpenAFS would be better choice than nfsv4-krb5. In OpenAFS the homes are mounted each with private kerberization, not like in nfsv4 where the kerberized mount is done at partition level. I think that in OpenAFS once an user is logged and the homedir mounted, it is impossible that he can access other's homes. Regards Giorgio -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
