If your internal LAN is relatively secure you probably want to use NIS to
give out the maps for master.passwd and group.
To be extra safe, I would set up the maps so that all the passwords in
the NIS master.passwd are '*' and use pam_smb or some such critter
against your Samba PDC if you need UNIX login capabilities. (This
presumes you are using Windows workstations.)
You can also use other pam_* modules for the actual authentication,
allowing you to keep the NIS passwords as '*'s so that if someone ever
sniffs your LAN traffic, etc., the NIS maps don't contain passwords.
David Loszewski wrote:
Basically what we are trying to accomplish is that I'm in an office with
many employees.
Say we have 5 different servers, and I have files on the servers that I
want all the employees in a specific group to have read access to those
files, or write access depending on permissions for that group. So when
an employee logs into a server I want it to go to some internal
authentication server and tell the server that it's OK for that person to
access that file. I want to do this without copying the passwd file to
each server.
Dave
wolf wrote:
could you be more specific?
sharing files via NFS?
transparent logging to other servers?
other?
What you are trying to do in particular affects how you
accomplish your goal.
[EMAIL PROTECTED] wrote:
Could someone point me in the right direction to find
information on creating an authentication server in such
a way that if some user logs in on a particular machine,
as long as he is in a certain group he will have read
access to all/or certain files as well on other servers
depending on the group and rules set for that group?
Dave
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
--
Michael Joyner
FreeBSD System Administrator
http://manhattan.hq.dyns.cx/
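
The reply above suggests keeping every password field in the NIS master.passwd map as '*' so the maps carry no hashes. The following check is an added example, not part of the original message: it reads a master.passwd-format map on stdin and lists accounts whose password field is anything other than '*'. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a master.passwd-format NIS map for password fields
# other than '*'. Feed it the map on stdin, for instance (as root on the
# NIS master):  ypcat master.passwd.byname | audit_nis_passwd
# FreeBSD master.passwd has 10 colon-separated fields:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

audit_nis_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF != 10 {
            # A short or long record may hide a shifted password field.
            printf "MALFORMED line %d (%d fields)\n", NR, NF
            bad++
            next
        }
        $2 != "*" {
            # Report only the account name, never the field value itself.
            kind = ($2 == "") ? "EMPTY" : "HASH_OR_OTHER"
            printf "%s %s\n", kind, $1
            bad++
        }
        END { exit (bad > 0) }         # exit status 1 if anything was flagged
    '
}

# Constructed sample map (no real accounts or hashes).
sample_map() {
    cat <<'EOF'
# constructed test data
alice:*:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:$2b$04$CONSTRUCTEDHASHPLACEHOLDER:1002:1002::0:0:Bob Example:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol Example:/home/carol:/bin/sh
dave:*:1004:1004::0:0:Dave Example:/home/dave:/bin/sh
broken:*:1005:1005
EOF
}
```

An empty password field is reported separately because it means the account has no password at all, which is a different problem from a hash left in the map.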