Re: NFS, password transparency, and security

2002-04-11 Thread Rob VanFleet
On Wed, Apr 10, 2002 at 12:21:13AM +0100, Gareth Bowker wrote: > On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote: > > On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: > > > > > > You run those services locally on each machine only. You don't make them > > > available to

Re: NFS, password transparency, and security

2002-04-11 Thread Paul Hedderly
On Sun, Apr 07, 2002 at 09:02:56PM -0500, Rob VanFleet wrote: You have three issues: Shared Authentication... Kerberos or LDAP File Sharing Looked at GFS? Could also use NFS I guess. Sigh. Look at autofs Security!

Re: NFS, password transparency, and security

2002-04-09 Thread Gareth Bowker
On Tue, Apr 09, 2002 at 04:02:34PM -0500, Rob VanFleet wrote: > On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: > > > > You run those services locally on each machine only. You don't make them > > available to other hosts. > > Sorry if I'm being completely dense here, but aren't t

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 07:23:28AM -0700, Luca Filipozzi wrote: > On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote: > > After doing some reading about it, the only thing that turns me off to > > SFS is that you still have to run the usual NFS services for it to work. > > A large part of

Re: NFS, password transparency, and security

2002-04-09 Thread Luca Filipozzi
On Tue, Apr 09, 2002 at 06:51:38AM -0500, Rob VanFleet wrote: > After doing some reading about it, the only thing that turns me off to > SFS is that you still have to run the usual NFS services for it to work. > A large part of the reason I am seeking alternatives is that those > services are so of

Re: NFS, password transparency, and security

2002-04-09 Thread Rob VanFleet
On Tue, Apr 09, 2002 at 12:37:27PM +0200, Wichert Akkerman wrote: > Previously Alan Shutko wrote: > > An AFS-based setup is used at many places to great effect, especially > > on untrusted nets, but I don't know how bad setup is. I suspect it's > > evil. > > There is also SFS which works very nic

Re: NFS, password transparency, and security

2002-04-09 Thread Wichert Akkerman
Previously Alan Shutko wrote: > An AFS-based setup is used at many places to great effect, especially > on untrusted nets, but I don't know how bad setup is. I suspect it's > evil. There is also SFS which works very nicely indeed. Wichert. -- _

Re: NFS, password transparency, and security

2002-04-08 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 10:36:17PM -0700, Luca Filipozzi wrote: > > this also allows crackers to access your userbase, unlike libpam-ldap, > > where you are not forced to allow userpassword read access to the > > database. The cracker just needs to hack this machine, read the password > > from conf

Re: NFS, password transparency, and security

2002-04-08 Thread Tarjei Huse
Hi, Just thought I'd chip in some support for LDAP. Also a kerberos pointer: www.bayour.com has a very good ldap+kerberos howto for debian written by Turbo Fredrikson. Also you should check out directory administrator for admining your directory. A simple ldap client for administrating ldap user

Re: NFS, password transparency, and security

2002-04-08 Thread Luca Filipozzi
On Mon, Apr 08, 2002 at 08:23:17AM +0300, Sami Haahtinen wrote: > On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: > > Two choices (I like lists :) ): > > > > (1) use libpam-ldap: > > i recommend this. I also recommend this. > > (2) don't use libpam-ldap: > > You don't have t

Re: NFS, password transparency, and security

2002-04-08 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: > Two choices (I like lists :) ): > > (1) use libpam-ldap: i recommend this. Even though the current pam system is a pain to modify.. if you modify one file and it gets updated in the package it will nag about it.. you can't tell if

Re: NFS, password transparency, and security

2002-04-08 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote: > What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set > up in a mode that's called "opportunistic encryption" that will use IPsec > for communication when it's available and allow other traffic to proceed > as normal

Re: NFS, password transparency, and security

2002-04-07 Thread Tarjei Huse
Hi, Just thought I'd chip in some support for LDAP. Also a kerberos pointer: www.bayour.com has a very good ldap+kerberos howto for debian written by Turbo Fredrikson. Also you should check out directory administrator for admining your directory. A simple ldap client for administrating ldap use

Re: NFS, password transparency, and security

2002-04-07 Thread tony mancill
On Sun, 7 Apr 2002, Luca Filipozzi wrote: > I suspect that if all your boxes are running Debian that your life will > be made easier by all the Debian kerberos packages. This is an interesting thread, and this comment just gave me an idea. What if you use FreeS/WAN (or really, any sort of IPsec)?

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Mon, Apr 08, 2002 at 08:23:17AM +0300, Sami Haahtinen wrote: > On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: > > Two choices (I like lists :) ): > > > > (1) use libpam-ldap: > > i recommend this. I also recommend this. > > (2) don't use libpam-ldap: > > You don't have

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 10:04:01PM -0500, Rob VanFleet wrote: > On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: > > Two choices for authentication (passwd + shadow): > > (1) Kerberos > > Never used it. Can't advise you. > > I've looked at Kerberos, but at least a cursory glance

Re: NFS, password transparency, and security

2002-04-07 Thread Sami Haahtinen
On Sun, Apr 07, 2002 at 08:14:26PM -0700, Luca Filipozzi wrote: > Two choices (I like lists :) ): > > (1) use libpam-ldap: i recommend this. Even though the current pam system is a pain to modify.. if you modify one file and it gets updated in the package it will nag about it.. you can't tell if

Re: NFS, password transparency, and security

2002-04-07 Thread Rob VanFleet
On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: > Two choices for authentication (passwd + shadow): > (1) Kerberos > Never used it. Can't advise you. I've looked at Kerberos, but at least a cursory glance at leaves the impressions that it is ridiculously complicated to set up a

Re: NFS, password transparency, and security

2002-04-07 Thread Alvin Oga
hi ya why not do the following ??? make one machine be your primary NIS server... - all passwds defined there... all other machines uses the NIS server for passwd authentication and turn on ssh logins ( ~/.shosts ) w/o checking passwd use automounter for /n//directories

Re: NFS, password transparency, and security

2002-04-07 Thread Alan Shutko
Rob VanFleet <[EMAIL PROTECTED]> writes: > They basically want to log into any one machine within this group > with the same password, and be able to access any disks they choose > from any particular machine (within this group). An AFS-based setup is used at many places to great effect, especia

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:22:12PM -0700, tony mancill wrote: > What if you use FreeS/WAN (or really, any sort of IPsec)? It can be set > up in a mode that's called "opportunistic encryption" that will use IPsec > for communication when it's available and allow other traffic to proceed > as norma

Re: NFS, password transparency, and security

2002-04-07 Thread Luca Filipozzi
On Sun, Apr 07, 2002 at 09:02:56PM -0500, Rob VanFleet wrote: > I work for several University astronomers who basically want something > like what they're used to at other places: a pure sun shop, running > NIS and NFS. Two choices for authentication (passwd + shadow): (1) Kerberos Never used

NFS, password transparency, and security

2002-04-07 Thread Rob VanFleet
I have a situation where my superiors are leaning heavily on me to make life more convenient for them by having total availability of data from a group of machines. They basically want to log into any one machine within this group with the same password, and be able to access any disks they choose
