Re: unified authentication

From: David G. Andersen (danderse_at_cs.utah.edu)
Date: 09/25/03

  • Next message: Tillman Hodgson: "Re: unified authentication" 
    Date: Thu, 25 Sep 2003 10:06:50 -0600
To: Robert Watson <rwatson@freebsd.org>

    Robert Watson just mooed:
    >
    > On Wed, 24 Sep 2003, Tillman Hodgson wrote:
    >
    > > > Once I get authentication working, how do I handle
    > > > the creation of home directories and basic user
    > > > files across multiple machines?
    > > >
    > > > Do I need to start running NFS, or is there a more
    > > > elegant solution?
    > >
    > > OpenAFS, very elegant solution. Unfortunately, it doesn't work on
    > > FreeBSD yet (or anymore as a client).
    >
    > The Arla client used to work quite well, and probably still works quite
    > well on 4.x. I'm not sure of the status of Arla on 5.x. It sounded like
    > Tom Maher had the OpenAFS server code up and running on FreeBSD, so you
    > should at least have access to a pair of AFS client/server that work.

      If the client machines are semi-trusted, SFS is a good solution.
    I don't know that its authentication is integrated with kerberos,
    but the security model is at least stronger than NFS: Root on a
    client machine could gain access to users accounts if they accessed
    them from that machine, but not to accounts that merely were OK
    to export to that machine.

      http://www.fs.net/

      -Dave 

    -- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Tillman Hodgson: "Re: unified authentication"

    Relevant Pages

    • Re: GPO not launching login script successfully on client machines. 3/22/2004 8:23 AM PST
      ... Disable Portfast on the switch. ... 202840 A Client Connected to an Ethernet Switch May Receive Several ... Disable Media Sense on the client machines: ... Make sure the DHCP assigned DNS servers list only your internal DNS servers ...
      (microsoft.public.win2000.group_policy)
    • nfsmnthelp holding up server nfsd?
      ... We have a lot of machines that nfs mount f/s from an aix 53-05 nfs ... server. ... A handfull of the client machines cause us a problem. ...
      (comp.unix.aix)
    • Server 7, & some clients dont see host...
      ... I'm working with a school that has Server 7 on a mac and client macs ... Powerbook) CAN see the host in that dialog, ... On all Client machines, ...
      (comp.databases.filemaker)
    • Re: SBS2008 Virus protection for File System
      ... If you are getting that error then it *usually* means that the clients were not joined to the domain using the wizard and thus the firewall is blocking WMI traffic. ... Another possibility is that a GPO was altered from default and is, again, causing problems on the client's firewall and blocking WMI queries. ... believes that the client machines do not have any AV ...
      (microsoft.public.windows.server.sbs)
    • Re: Unable to connect using the network wizard
      ... DNS on my client machines is set to ... but even if I do the http://servername/connectcomputer on the server ... > Make sure the clients are pointing to SBS for the DNS. ...
      (microsoft.public.windows.server.sbs)