>   2. Do we really need separate identities for separate machines?  My
>      understanding was that the whole service/[EMAIL PROTECTED] convention
>      was for preventing man-in-the-middle attacks for things like
>      kerberized telnet.  If we're only using kerberos in order to
>      support AFS, I don't know if it's really necessary.

We use kerberos for everything? Both for things that are running now,
and things that we can add in the future.

>      Also, if we go with a single user per service across all hosts,
>      we can give it the same userid in /etc/passwd and pts,
>      eliminating the ID>1000 stuff.

How would that affect Debian postinst scripts that do something like 
'adduser --system mysql' ?

> If possible, it would be nice to get a bit of discussion on #2 before
> we move forward with this; I think it will save us lots of trouble...

I don't think this is something that will be making any trouble..
It's just a decision, going in one way or another...

However I'd like to see as much simplification as possible, so if you
don't think we'll ever need this functionality, ... And you could also
clarify the note about kerberos from above..

-doc

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
