[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM, nsswitch.conf, and tiny passwd files



Some (slightly off-topic) NIS and NIS+ questions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

....

>   I've looked at NIS & NYS, but they have their own problems.
> (i.e. 'slammer', and linking everything against libnsl)


	Unfortunately I don't know nearly as much as I'll
	need to about NIS/NIS+

	My questions:  Is it possible to configure NIS to map
	just UID/GID's (and to use DNS for hosts and Kerberos
	for authentication)?   When you say "linking everything"
	what does "everything" include?  Does it include only
	those utilities that have to be PAM aware (like vlock,
	xlock, login, su, sudo, etc)?  (In other words do I 
	have to work about 'ls' and 'find' and other user
	space utilities)?  Does glibc provide these NIS extensions
	transparently?  (i.e. what pain do I cause if I use NIS
	on a Red Hat 5.x system with all the glibc updates?).

	Last I heard  Linux could only operate as NIS+ client
	and not as a "master" or "slave" server.  Is this still
	the case?   

	What is the difference between NIS with SRA (Wietse Venema's
	secure RPC authentication?) and NIS+?
 
>   The application I'm looking at is a number of zero-administration
> thin clients, which grab disk images from a server.  Ideally, each
> should not have any user-specific configuration.

	I'd love to hear more about this project.  Will it 
	be available (freely or as a commercial package)?

	I'm writing a book on Linux Systems Administration and
	plan to have a chapter on "Zero Administration Techniques."

	(back on topic)

	How does PAM fit into this?  Is PAM to the point where 
	it can have NIS modules plugged into it?  (I've been on this
	ML for six months and been watching the PAM web pages since
	long before they moved to their new home at kernel.org ---
	and Linux PAM still seems to be just about 2/3 done).

>   It may be possible to use NIS in this application, but customers
> will likely want integrated firewall/NAS services, making RADIUS the
> obvious choice for global authentication.
> 
>   Alan DeKok.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []