Re: unified authentication

From: David G. Andersen (danderse_at_cs.utah.edu)
Date: 09/25/03

  • Next message: Tillman Hodgson: "Re: unified authentication"
    Date: Thu, 25 Sep 2003 10:06:50 -0600
    To: Robert Watson <rwatson@freebsd.org>
    
    

    Robert Watson just mooed:
    >
    > On Wed, 24 Sep 2003, Tillman Hodgson wrote:
    >
    > > > Once I get authentication working, how do I handle
    > > > the creation of home directories and basic user
    > > > files across multiple machines?
    > > >
    > > > Do I need to start running NFS, or is there a more
    > > > elegant solution?
    > >
    > > OpenAFS, very elegant solution. Unfortunately, it doesn't work on
    > > FreeBSD yet (or anymore as a client).
    >
    > The Arla client used to work quite well, and probably still works quite
    > well on 4.x. I'm not sure of the status of Arla on 5.x. It sounded like
    > Tom Maher had the OpenAFS server code up and running on FreeBSD, so you
    > should at least have access to a pair of AFS client/server that work.

      If the client machines are semi-trusted, SFS is a good solution.
    I don't know that its authentication is integrated with kerberos,
    but the security model is at least stronger than NFS: Root on a
    client machine could gain access to users accounts if they accessed
    them from that machine, but not to accounts that merely were OK
    to export to that machine.

      http://www.fs.net/

      -Dave

    -- 
    work: dga@lcs.mit.edu                          me:  dga@pobox.com
          MIT Laboratory for Computer Science           http://www.angio.net/
          I do not accept unsolicited commercial email.  Do not spam me.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Tillman Hodgson: "Re: unified authentication"

    Relevant Pages