Bryan Murdock wrote: > It's been a while since I've looked at setting this up, but if a group > has a number of linux machines and each user wants to be able to log > on to each machine and have access to the same home directory, is the > state of the art still nfs and nis? I'm talking maybe 10 people at > most, each with a desktop machine, and then a few extra machines in a > data center. We at least want everyone to have the same home > directory on the data center machines as they have on their desktop. > Extra credit if Bob can log on to Joe's machine and get his home > directory there.
NIS has been obsolete for quite a few years now. LDAP is the accepted solution. Even for a small number of users it is not bad to set up. phpldapadmin is a great front-end for managing it. For a large enterprise Kerberos would be added to the mix as well. Your choices for file serving are really NFS and smb. NFSv3 is not secure at all unless you control the client machines. NFSv4 can be secured with Kerberos, but documentation on how to do this is severely lacking. smb with Samba is another option too--there is a pam module out there somewhere that will mount directories from samba on login. The main problem with NFSv4 and SMB home directories is that you have to use password-based or kerberos-ticket authentication in order for the mount to be authenticated and succeed. You cannot ssh in with an RSA key, for example, as the mount requires credentials. Samba 4 might be usable soon. It has an integrated LDAP server that might be easier to use than standalone ones like OpenLDAP or the Fedora Directory Server (or whatever it is called these days). > What if we don't have one server with a hard drive big enough to store > every users home directory, but, for example, each user has a desktop > machine with a drive plenty big enough for him self. Would it be > foolhardy to make each workstation an nfs server and have any other > machine you log into auto-mount your home directory on your > workstation? Could work. Might be a bit complicated, though. -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
