On 01/13/2012 08:25 PM, luxInteg wrote: > > I have looked at the blfs-bootsctipts and I do not see any for krb5-client. > So I would be grateful to know:-. > --Does the nfs4-server and client both run kdc's? > --should krb5.login be running as a daemon ? >
If you really want to separate them, that is fine. There is no reason that you should have to put authentication services on the storage server itself, saving for the obvious case of the authentication server being down rendering all boxes useless without having real local users. There is no "client" as you put it, but kerberized tools. In your case you are probably looking at PAM modules (PAM_KRB5) to handle authentication, and NFS/NIS I really can't help with any longer because it's been so long since I messed with them. My assumption is that NSS is still handled internally for NIS (is there any NSS_NIS?) but I recall nothing about how the mappings actually work in that case. My preferred testing ground now days is Kerberos for authentication, LDAP for address book and UID/GID mappings, and Samba for network storage. My setup of course requires NSS_LDAP and PAM_KRB5. There are plenty of tools and tutorials available to get it working correctly in a matter of hours (days? weeks? ;-) ). All of the above I am a little rusty on however...so little play time any more. -- DJ Lucas -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page