Network Login discuss

Johnathan Bailes johnathan.bailes at gmail.com
Wed Jan 19 01:26:38 UTC 2005 

On Tue, 18 Jan 2005 13:11:15 -0800, Nifty Hat Mitch
<mitch48 at sbcglobal.net> wrote:
> On Mon, Jan 17, 2005 at 12:37:16PM -0500, fly over wrote:
> 
> >    I have assigned a tough task on FC 3 platform. the prob
> >    definition is to setup a Network Login n FC 3 using NIS , DNS and
> >    NFS. I have 3 p cs small network all running FC 3. If i create
> >    the user on a 1 pc and then create some files on the same pc,
> >    then on other system i should have ability to login and all the
> >    created file should be available there.
> 
> 
> Break this into three tasks.
>       authentication (use NIS or perhaps LDAP)
>             authentication and NIS is a security tangle
>             do your homework. Make sure your firewall
>             does the right thing or hackers can see stuff
>             you do not want seen.


LDAP can be a pain to set up for authentication but might be worth the
trouble since it can be configured for better security.  At least use
tcpwrappers and I have heard but never tried this:

http://www.math.ualberta.ca/imaging/snfs/README.NIS

At the very least take a look at RH's own docs.

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-nis.html

> 
>       host name to IP address mapping (DNS, or NIS)
>             it is possible to have NIS and DNS both
>             provide host name/ IPaddress mapping
>             make sure that: files, DNS, NIS all agree.

Uh, I would typically stick with just DNS but that is perhaps the cheap way out.

> 
>       file system and data sharing (use NFS).
>             this may involve a data dir, applicatin dir and/or user
>             home dirs.  Make sure that only hosts you trust can mount
>             these resources.  UID control and other securtity concerns
>             can matter.
> 

Secure NFS via SSH tunneling or at least wrap that rascal with
tcpwrappers even if you are behind a good firewall.

http://www.math.ualberta.ca/imaging/snfs/

What you have been handed is a great opportunity.  

One that I myself have had handed to me a couple of times but usually
with bosses on my head to do a certain way.

Let me say that putting together a good dns server or file server
layout with nfs or samba is one of the simple joys of sysadmin'ing for
me.

Good luck.

More information about the fedora-list mailing list