options for centralized 'passwd' database for a diskless lab ?
Danny Braniss
danny at cs.huji.ac.il
Tue Feb 14 23:04:42 PST 2006
> as per the subjects, what options do i have to set a centralized
> 'passwd' database for a lab with FreeBSD diskless machines ?
>
> In the past (4.x times) i used YP/NIS which did the job but was
> highly insecure (all traffic unencrypted) and also a bit of a pain to configure.
> It was convenient though because it let users change their
> password and other info just using the passwd command.
>
> I have been browsing around a bit, and i see that pam_* (tried pam_radius)
> can do for the authentication part but not for the other info;
> nss_* seems to be a better suit but the only thing i see is nss_ldap
> and i am not familiar with the latter.
>
> So any suggestions or pointers to pages describing what to do ?
>

for NIS/YP replacement: look into hesiod, we have been using it for years!

for the authentication problem: we have implemented a client/server
solution. the encrypted password is kept in a secure server, and the clients
send the password to this server. the communication is clear text, but
it could be made encrypted. for distant/unsecure authentication we
use a token generating card - OTP.
this server also handles the MS authentication, OTP cards, etc.

danny

> cheers
> luigi