Message from To [email protected] at 05/06/00 12:22:52PM: > We are currently building up several servers, all of which will be > hosted here locally. The thing is, it's going to be more than 25 > servers. Maintaining user accounts on all these bastards is going to be > hell. > > I've managed to get the pam_radius_auth module to work on solaris, > linux, and BSD. THe problem is that this module is limited to > authentication and that's it. Is there some method of centralized > authentication that will pass session data AND accounting data? NIS is > no good for us because of the security issues. I've looked at NIS+ but > it doesn't seem to be what I'm looking for? > > I'm assuming someone else out there has had to do this? Before I go > writing another PAM module, I want to see if this is going to be > easy.... > > Any help would be great.. Thanks! > > Benjamin
Benjamin: We are currently looking into solutions for this on our campus where we have approximately 60 linux boxen and need to have a way of keeping accounts centralized. We are right now using NIS+, however, it has very patchy linux support and is proprietary (read: evil). Just recently we got a OpenLDAP server working with libnss_ldap, through a stunnel connection for secure transport of NSS info. We're going to implement this later this summer.. If security between these servers isn't a huge deal (read: internal network), you shouldn't even need to mess with the stunnel. It is a much more open protocol and the only thing that it is lacking to NIS+ right now is that netgroups is not working. Michael Janssen CNS Network Administrator University of Northern Iowa
