User Accounts across multiple machines

2004-07-22 Thread Ray Seals
I have 15 FreeBSD machines on my network (soon to be around 30) and want
to synch all the machines userid and passwords.  Is NIS still the
primary way to do this or is there a better solution?
-- 
Ray Seals [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: User Accounts across multiple machines

2004-07-22 Thread Bill Moran
Ray Seals [EMAIL PROTECTED] wrote:

> I have 15 FreeBSD machines on my network (soon to be around 30) and want
> to synch all the machines userid and passwords.  Is NIS still the
> primary way to do this or is there a better solution?

As far as I understand it, yes.  Although Kerberos seems to be a practical
alternative.  With 5.x, there is more support for pam, thus opening up
your choices to things like LDAP.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


Re: User Accounts across multiple machines

2004-07-22 Thread Kirk Strauser
On Thursday 22 July 2004 13:23, Bill Moran wrote:
> Ray Seals [EMAIL PROTECTED] wrote:
>
> > I have 15 FreeBSD machines on my network (soon to be around 30) and
> > want to synch all the machines userid and passwords.  Is NIS still the
> > primary way to do this or is there a better solution?
>
> As far as I understand it, yes.  Although Kerberos seems to be a
> practical alternative.  With 5.x, there is more support for pam, thus
> opening up your choices to things like LDAP.

Note that Kerberos only provides AAA and not directory services.

I recently (within the last 6 months) replaced my old NIS setup with one 
based on OpenLDAP.  It works perfectly across my FreeBSD, Linux, and Mac OS 
X machines.  NIS did the job, but I won't be rolling it out on new systems 
ever again.
-- 
Kirk Strauser




Re: User Accounts across multiple machines

2004-07-22 Thread Bill Moran
Kirk Strauser [EMAIL PROTECTED] wrote:

> On Thursday 22 July 2004 13:23, Bill Moran wrote:
> > Ray Seals [EMAIL PROTECTED] wrote:
> >
> > > I have 15 FreeBSD machines on my network (soon to be around 30) and
> > > want to synch all the machines userid and passwords.  Is NIS still the
> > > primary way to do this or is there a better solution?
> >
> > As far as I understand it, yes.  Although Kerberos seems to be a
> > practical alternative.  With 5.x, there is more support for pam, thus
> > opening up your choices to things like LDAP.
>
> Note that Kerberos only provides AAA and not directory services.
>
> I recently (within the last 6 months) replaced my old NIS setup with one
> based on OpenLDAP.  It works perfectly across my FreeBSD, Linux, and Mac OS
> X machines.  NIS did the job, but I won't be rolling it out on new systems
> ever again.

Were you able to make this work well with 4.x machines?  It's been a while
since I tried, but I had problems with nss turning UIDs back into names.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


Re: User Accounts across multiple machines

2004-07-22 Thread Uwe Laverenz
On Thu, Jul 22, 2004 at 02:46:57PM -0400, Bill Moran wrote:

> Were you able to make this work well with 4.x machines?  It's been a while
> since I tried, but I had problems with nss turning UIDs back into names.

This would still be a problem, because there is no support for nss_ldap in
FreeBSD 4.x. To get LDAP working with 4.x, you would need a workaround that
translates user information into NIS or something that creates user-entries
in the local passwd file.

Support for nss_ldap/nsswitch.conf is available in FreeBSD 5.1-RELEASE or
newer.

cu,
Uwe
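
An added example, not part of the original thread: one way to build the 4.x workaround described above (local passwd entries generated from directory data), with the validation such a sync needs so that directory content cannot define root or system accounts or inject extra colon-delimited fields. It assumes a posixAccount LDIF export with plain-text values; the sample entries, the `MIN_UID` floor and all function names are constructed for illustration.

```python
import re

# Constructed sample LDIF (posixAccount entries), not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 2001
gidNumber: 2001
homeDirectory: /home/alice
loginShell: /bin/sh

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
uidNumber: 0
gidNumber: 0
homeDirectory: /root
loginShell: /bin/sh

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
uidNumber: 2002
gidNumber: 2002
gecos: Carol:*:0:0
homeDirectory: /home/carol
loginShell: /bin/sh
"""

NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,15}")
NUM_RE = re.compile(r"[0-9]{1,9}")
MIN_UID = 1000  # assumption: directory accounts sit above local/system UIDs

def parse_ldif(text):
    """Yield one attribute dict per blank-line-separated LDIF entry."""
    for block in text.strip().split("\n\n"):
        yield dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)

def to_master_passwd(e):
    """Return a master.passwd line with a '*' (no local password) hash, or None."""
    name, gecos = e.get("uid", ""), e.get("gecos", "")
    home, shell = e.get("homeDirectory", ""), e.get("loginShell", "")
    uid, gid = e.get("uidNumber", ""), e.get("gidNumber", "")
    if not (NAME_RE.fullmatch(name) and NUM_RE.fullmatch(uid) and NUM_RE.fullmatch(gid)):
        return None
    if int(uid) < MIN_UID or ":" in gecos + home + shell:
        return None  # no root/system UIDs; ':' would shift passwd fields
    if not (home.startswith("/") and shell.startswith("/")):
        return None
    return f"{name}:*:{uid}:{gid}::0:0:{gecos}:{home}:{shell}"

def build_lines(text):
    return [line for line in map(to_master_passwd, parse_ldif(text)) if line]
```

Only the first sample entry survives; the UID 0 entry and the entry with colons in its gecos field are dropped. Authentication is left to PAM or Kerberos, since the generated lines carry no password hash.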



Re: User Accounts across multiple machines

2004-07-22 Thread Tillman Hodgson
On Thu, Jul 22, 2004 at 02:23:36PM -0400, Bill Moran wrote:
> Ray Seals [EMAIL PROTECTED] wrote:
>
> > I have 15 FreeBSD machines on my network (soon to be around 30) and want
> > to synch all the machines userid and passwords.  Is NIS still the
> > primary way to do this or is there a better solution?
>
> As far as I understand it, yes.  Although Kerberos seems to be a practical
> alternative.  With 5.x, there is more support for pam, thus opening up
> your choices to things like LDAP.

I use NIS (for meta-data) in combination with Kerberos (for
authentication), with the NIS service run over a special VLAN with IPsec
transport mode in place. This covers the security problems in the design
of NIS that I'm familiar with, uses only tools found in the base FreeBSD
install, works across Unix-like platforms (and versions, such as 4.X vs
5.X), and provides other benefits such as single sign-on.

-T


-- 
Page 461: Tools that are simple enough to use the first day are often a
real pain after the first month.
- Harley Hahn, _The Unix Companion_