Date: Fri, 26 Mar 1999 12:57:40 +0200 (EET) From: Narvi <narvi@haldjas.folklore.ee> To: Andrew Hobson <ahobson@eng.mindspring.net> Cc: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH Message-ID: <Pine.BSF.3.96.990326125648.5291A-100000@haldjas.folklore.ee> In-Reply-To: <kjg16ttnm1.fsf@computer.eng.mindspring.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25 Mar 1999, Andrew Hobson wrote: > On Thu, 25 Mar 1999 10:33:39 -0800 (PST), Matthew Dillon <dillon@apollo.backplane.com> said: > > > Provisioning for administrative accounts is easy. We do it by hand. > > Most employees only have access to one administrative machine. Employees > > are given access to other peripheral machines depending on their job. > > Except for the one employee machine, these accounts do not have home > > directories and the password field is '*' ( i.e. kerberos/ssh-only > > access ). Access is controlled through kerberos. > > At work we have about a hundred machines and we access them via > kerberos. Admins have accounts on all boxes. If we need to add or > remove a user, it's a bit of a pain to manually update the password > file on every machine. > > We're a bit concerned about doing it automatically, because if > something goes wrong, /etc/passwd might be corrupted or nonexistant. > I'm not a big fan of NIS. > > I'm sure we can come up with an automated solution that will be > reasonably safe, but I was wondering how other people solved this > problem. You might have a look at Hesiod. I have considered it once or twice, but have never had the time to implement it. There is a port in the ports collection > > Drew > Sander There is no love, no good, no happiness and no future - all these are just illusions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990326125648.5291A-100000>