Re: Setting up 10 486's with a server

1997-03-29 Thread Klee Dienes 

> place to deal with passwords, rather than all 10 user machines.  Even
> better would be to use kerberos to verify passwords through the current
> Project Vincent.  Is this doable?

There should be debian versions of both Kerberos 4 and Kerberos 5
available on the non-US site within the next week or so.  Some
configuration (notably to XDM) to use Kerberos for local logins will
still be necessary, but the Kerberos packages should get you most of
the way there.

Note however that using Kerberos for local login security can be
problematic if you are not careful --- in particular, unless you have
a local service key installed on each machine, you leave yourself
vulnerable to spoofing the workstation by sending fake Kerberos reply
packets.  (The resulting tickets aren't useful for network
authentication, but they're enough to trick the workstation into
letting the intruder log in).  Of course, if you're using the "public
workstation" model used by Athena, this may not matter to you.

Setting up 10 486's with a server

1997-03-29 Thread Rick Hawkins 

Our department will be converting a pile of old 486/33 boxes to debian
linux.  They will have two (expected :) primary purpose:  standalone to
execute lyx for writing theses & dissertations, and as x-terminals to 
our
larger alpha workstations.

There is really no budget fo this; we're using oure obsolete machines.  
And
there will be at best minimal formal support.

The campus also has workstations throughout, with a central afs file
system.  "Project Vincent" is based on MIT's "Project Athena."

>From the list of machines and parts, we can apparently assemble 11
machines.  Between them we have 5x210mb, and 11x80mb hard drives.  There 
is
a single set of 4x4mb simms, and a slew of 1mb simms.

My currrent thinking is setting up one machine as a server, with 3x210 
hard
drives, and 20mb memory, and the rest with 8mb, and the hard disks
distributed.

Setting up the server shouldn't be a problem; i've done this before.  
The
problem is how to manage the other 10 machines, most of which will be
graduate computer rooms.

My current thinking is to install everything in sight on the server, put 
it
last on the local paths, and put common executables onto the individual
machines.  (WIth a pair of 80mb drives, these machines don't have enough
room for full installation of the packages they need.)  Will this work?

Another concern is password control.  It would be nice to have a single
place to deal with passwords, rather than all 10 user machines.  Even
better would be to use kerberos to verify passwords through the current
Project Vincent.  Is this doable?

The /home directories are another concern.  I suppose that these could
reside on the server, but that sounds like heavy traffic.  Is it 
practical
to create a login process that untars the directory from the server, 
then
tars and deletes it at logout?

And what about auto-remounting of the server?  I have heard of problems
requirng rebooting of all of the clients, but this doesn't make sense.  
It
seems that they should be able to auto-remount.  

For that matter, can the 486/33 handle being an afs rather than nfs 
server?

Come to think of it, we do have novell servers for the windows machines. 
Could these (without modificationor upgrade :) serve the linux boxes?

Rick