Re: NFS, password transparency, and security

2002-04-11 Thread Paul Hedderly
On Sun, Apr 07, 2002 at 09:02:56PM -0500, Rob VanFleet wrote: You have three issues: Shared Authentication... Kerberos or LDAP File Sharing Looked at GFS? Could also use NFS I guess. Sigh. Look at autofs Security!

Re: NFS, password transparency, and security

2002-04-11 Thread Rob VanFleet
On Wed, Apr 10, 2002 at 12:21:13AM +0100, Gareth Bowker wrote: On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote: On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: You run those service locally on each machine only. You don't make them available to other

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 12:37:27PM +0200, Wichert Akkerman wrote: Previously Alan Shutko wrote: An AFS-based setup is used at many places to great effect, especially on untrusted nets, but I don't know how bad setup is. I suspect it's evil. There is also SFS which works very nicely

Re: NFS, password transparency, and security

2002-04-09 Thread Luca Filipozzi
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote: After doing some reading about it, the only thing that turns me off to SFS is that you still have to run the usual NFS services for it to work. A large part of the reason I am seeking alternatives is that those services are so

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote: After doing some reading about it, the only thing that turns me off to SFS is that you still have to run the usual NFS services for it to work. A large part of the

Re: NFS, password transparency, and security

2002-04-09 Thread Gareth Bowker
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote: On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: You run those service locally on each machine only. You don't make them available to other hosts. Sorry if I'm being completely dense here, but aren't the

Re: NFS, password transparency, and security

2002-04-09 Thread Wichert Akkerman
Previously Alan Shutko wrote: An AFS-based setup is used at many places to great effect, especially on untrusted nets, but I don't know how bad setup is. I suspect it's evil. There is also SFS which works very nicely indeed. Wichert. --

Re: NFS, password transparency, and security

2002-04-09 Thread Luca Filipozzi
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote: After doing some reading about it, the only thing that turns me off to SFS is that you still have to run the usual NFS services for it to work. A large part of the reason I am seeking alternatives is that those services are so often

Re: NFS, password transparency, and security

2002-04-09 Thread Gareth Bowker
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote: On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: You run those service locally on each machine only. You don't make them available to other hosts. Sorry if I'm being completely dense here, but aren't the ports

Re: NFS, password transparency, and security

2002-04-08 Thread Tarjei Huse
Hi, Just thought I'd chip in some support for LDAP. Also a kerberos pointer: www.bayour.com has a very good ldap+kerberos howto for debian written by Turbo Fredrikson. Also you should check out directory administrator for admining your directory. A simple ldap client for administrating ldap

Re: NFS, password transparency, and security

2002-04-08 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 10:36:17PM -0700, Luca Filipozzi wrote: this also allows crackers to access your userbase, unlike libpam-ldap, where you are not forced to allow userpassword read access to the database. The cracker just needs to hack this machine, read the password from config and

Re: NFS, password transparency, and security

2002-04-08 Thread tony mancill
On Sun, 7 Apr 2002, Luca Filipozzi wrote: I suspect that if all your boxes are running Debian that your life will be made easier by all the Debian kerberos packages. This is an interesting thread, and this comment just gave me an idea. What if you use FreeS/WAN (or really, any sort of IPsec)?

Re: NFS, password transparency, and security

2002-04-08 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote: What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set up in a mode that's called opportunistic encryption that will use IPsec for communication when it's available and allow other traffic to proceed as normal. In

Re: NFS, password transparency, and security

2002-04-08 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: Two choices (I like lists :) ): (1) use libpam-ldap: i recommend this. Even though the current pam system is a pain to modify.. if you modify one file and it gets updated in the package it will nag about it.. you can't tell if

Re: NFS, password transparency, and security

2002-04-08 Thread Luca Filipozzi
On Mon, Apr 08, 2002 at 08:23:17AM +0300, Sami Haahtinen wrote: On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: Two choices (I like lists :) ): (1) use libpam-ldap: i recommend this. I also recommend this. (2) don't use libpam-ldap: You don't have to use

NFS, password transparency, and security

2002-04-07 Thread Rob VanFleet
I have a situation where my superiors are leaning heavily on me to make life more convenient for them by having total availability of data from a group of machines. They basically want to log into any one machine within this group with the same password, and be able to access any disks they

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:02:56PM -0500, Rob VanFleet wrote: I work for several University astronomers who basically want something like what they're used to at other places: a pure sun shop, running NIS and NFS. Two choices for authentication (passwd + shadow): (1) Kerberos Never used

Re: NFS, password transparency, and security

2002-04-07 Thread Alan Shutko
Rob VanFleet [EMAIL PROTECTED] writes: They basically want to log into any one machine within this group with the same password, and be able to access any disks they choose from any particular machine (within this group). An AFS-based setup is used at many places to great effect, especially

Re: NFS, password transparency, and security

2002-04-07 Thread Alvin Oga
hi ya why not do the following ??? make one machine be your primary NIS server... - all passwds defined there... all other machines uses the NIS server for passwd authentication and turn on ssh logins ( ~/.shosts ) w/o checking passwd use automounter for

Re: NFS, password transparency, and security

2002-04-07 Thread Rob VanFleet
On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: Two choices for authentication (passwd + shadow): (1) Kerberos Never used it. Can't advise you. I've looked at Kerberos, but at least a cursory glance at leaves the impressions that it is ridiculously complicated to set up

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 10:04:01PM -0500, Rob VanFleet wrote: On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: Two choices for authentication (passwd + shadow): (1) Kerberos Never used it. Can't advise you. I've looked at Kerberos, but at least a cursory glance at

Re: NFS, password transparency, and security

2002-04-07 Thread tony mancill
On Sun, 7 Apr 2002, Luca Filipozzi wrote: I suspect that if all your boxes are running Debian that your life will be made easier by all the Debian kerberos packages. This is an interesting thread, and this comment just gave me an idea. What if you use FreeS/WAN (or really, any sort of IPsec)?

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote: What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set up in a mode that's called opportunistic encryption that will use IPsec for communication when it's available and allow other traffic to proceed as normal.

Re: NFS, password transparency, and security

2002-04-07 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: Two choices (I like lists :) ): (1) use libpam-ldap: i recommend this. Even though the current pam system is a pain to modify.. if you modify one file and it gets updated in the package it will nag about it.. you can't tell if

Re: NFS, password transparency, and security

2002-04-07 Thread Rob VanFleet
On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: Two choices for authentication (passwd + shadow): (1) Kerberos Never used it. Can't advise you. I've looked at Kerberos, but at least a cursory glance at leaves the impressions that it is ridiculously complicated to set up and
