[sclug] Centralised Authentication

Mon Oct 31 15:35:14 UTC 2005

On Mon, Oct 31, 2005 at 15:31:33 +0000, Matt wrote:
: * David Given <dg at cowlark.com> [2005-10-31 15:14:18]:

: > One of the gnarliest hacks I ever perpetrated was setting up a distributed 
: > password system of a network of Linux-based terminals. What I did was to have 
: > the main server NFS export /etc/passwd; then I had each client mount it over 
: > the top of its own /etc/passwd as part of the boot procedure. (You can export 
: > single files in NFS.)

Cute :-)

: My eyes!

: LDAP or NIS should be the easiest FSVO easiest. There are also PAM
: modules for using things like MySQL databases or RADIUS servers.

Not NIS.  Really, not NIS.  NIS isn't secure ('ypcat passwd'), and NIS+
isn't much better.

-- 
Dickon Hood

Due to digital rights management, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

No virus was found in this outgoing message as I didn't bother looking.