On Sun, Apr 07, 2002 at 07:39:43PM -0700, Luca Filipozzi wrote: > Two choices for authentication (passwd + shadow): > (1) Kerberos > Never used it. Can't advise you.
I've looked at Kerberos, but at least a cursory glance at leaves the impressions that it is ridiculously complicated to set up and requires multiple servers. If someone has used it and can correct me, please do. > (2) LDAP > Use LDAP (recompile --with-tls flag) + libpam-ldap + libnss-ldap to do > the equivalent of NIS but securely. Without using SSL or Kerberos, would LDAP still be sending passwords across the net in plain text? [...] > Several choices for file sharing: > (1) NFS + iptables + tcpwrappers Doing that right now. > (2) SFS (see sfs-server sfs-client packages and www.fs.net) > Requires users to authenticate against the file server, also. > Consider using libpam-sfs (I'm rewriting it as we speak.) > (3) OpenAFS (see openafs-fileserver + openafs-client) > Also requirres users to authenticate against the file server, but > when used in a Kerberos environment, you only have to logon once due > to Kerberos' ticket-granting system. Both of these sound very promising. I had heard of AFS before, but not SFS. I'll have to research them further. I'll probably have even more questions after that though. :) > Hope this (probably incomplete) list helps, Immensely. Thanks for the information. Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]