Re: authentication server with group permissions?

2002-10-20 Thread wolf 
If you internal LAN is relatively secure you probably want to use NIS to
give out the maps for master.passwd and group.
To be extra safe, I would setup the maps so that all the passwords in 
the NIS master.passwd are '*' and use pam_smb or some such critter 
against your Samba PDC if you need UNIX login capabilities. (This 
presumes you are using windows workstations).

You an also use other pam_* modules for the actual authentication, 
allowing you to keep the NIS passwords as '*'s so that if someone ever
sniffs your lan traffic, etc, the NIS maps don't contain passwords.

David Loszewski wrote:

basically what we are trying to accomplish is that I'm in an office with 
may employees.
Say we have 5 different servers, and I have files on the servers that I 
want all the employees in a specific group have read access to those 
files, or write access depending on permissions for that group.  So when 
an employee logs into a server I want it to go to some internal 
authentication server and tell the server that it's k for that person to 
access that file.  I want to do this without copying to passwd file to 
each server.

Dave

wolf wrote:

could you be more specific?

sharing files via NFS?
transparent logging to other servers?
other?

What you are trying to do in particular affects how you
accomplish your goal.

[EMAIL PROTECTED] wrote:


Could someone point me in the right direction to find
information on creating an authentication server in such
a way that if some user logs in on a particular machine,
as long as he is in a certain group he will have read
access to all/or certain files as well on other servers
depending on the group and rules set for that group?

Dave

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message








To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



--
Michael Joyner
FreeBSD System Administrator
http://manhattan.hq.dyns.cx/


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

authentication server with group permissions?

2002-10-19 Thread stealth215 
Could someone point me in the right direction to find
information on creating an authentication server in such
a way that if some user logs in on a particular machine,
as long as he is in a certain group he will have read
access to all/or certain files as well on other servers
depending on the group and rules set for that group?

Dave

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message