To: freebsd-questions@freebsd.org
From: Volodymyr Kostyrko
Date: Sat, 13 Dec 2008 12:24:50 +0200
Subject: Re: Centralized DB of "system" users

Valentin Bud wrote:
> There are different students that use those computers and they change
> frequently. So I thought to make a server, using FreeBSD (of course),
> that has a database of users so the linux machines don't have local
> users but they query the DB to get login credentials and such. I don't
> really know what to look for. So any suggestion and hints to how can I
> achieve this are welcomed.

Try using Kerberos v5, everything you need resides in world and there is a good article in handbook on getting it working. This would be much more secure than NIS.

Kerberos works as the authentication provider. You still should use some authorization provider or make users on all machines by hand. Authorization providers could be:

1. Hesiod. Designed together with Kerberos, it's currently slightly broken in our tree.
2. NIS. Just make sure you don't supply password hashes. It's good enough yet a bit outdated in my thoughts.

-- 
Sphinx of black quartz judge my vow.
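
One way to check the "don't supply password hashes" point for an NIS map source, as an added example that is not part of the original post. It assumes a colon-separated passwd(5) or master.passwd(5) style file with the password in field 2; the function names are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit a passwd-format NIS source file for password hashes
# and write a copy that carries none. Assumption: field 2 is the password.

# Constructed sample in master.passwd(5) layout (10 fields); the hash is fake.
sample_map() {
cat <<'EOF'
# constructed sample data
alice:$1$constructed$NotARealHashJustASample:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

# Print "<login> hash" or "<login> empty" for every entry whose password
# field is not a placeholder ("x", or anything starting with "*" or "!").
find_unsafe_pw_fields() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        $2 == "x" || $2 ~ /^[*!]/ { next }       # placeholder: nothing to leak
        $2 == ""  { print $1 " empty"; next }    # would allow login with no password
        { print $1 " hash" }                     # a real hash would be published
    ' "$1"
}

# Emit the same file with every password field replaced by "*", so the map
# only carries account data and authentication is left to Kerberos.
strip_hashes() {
    awk -F: 'BEGIN { OFS = ":" }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next } # keep comments and blank lines
        /^[+-]/ { print; next }                  # leave compat +/- entries alone
        { $2 = "*"; print }
    ' "$1"
}

# Demonstration on the constructed sample.
map=$(mktemp) && sample_map > "$map"
echo "before:"; find_unsafe_pw_fields "$map"
strip_hashes "$map" > "$map.clean"
echo "after:";  find_unsafe_pw_fields "$map.clean"
rm -f "$map" "$map.clean"
```

The same check can be run over a dump of the served map on a client to confirm that no hashes are visible there.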