From owner-freebsd-hackers Sun Apr 20 13:49:41 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA15779 for hackers-outgoing; Sun, 20 Apr 1997 13:49:41 -0700 (PDT)
Received: from borg.mindspring.com (borg.mindspring.com [204.180.128.14]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA15759; Sun, 20 Apr 1997 13:49:34 -0700 (PDT)
Received: from bogus.mindspring.com (user-37kbte1.dialup.mindspring.com [207.69.245.193]) by borg.mindspring.com (8.8.5/8.8.5) with SMTP id QAA04064; Sun, 20 Apr 1997 16:45:39 -0400 (EDT)
Message-Id: <1.5.4.32.19970420204545.008f9a20@mindspring.com>
X-Sender: kpneal@mindspring.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 20 Apr 1997 16:45:45 -0400
To: "Michael L. VanLoon -- HeadCandy.com"
From: "Kevin P. Neal"
Subject: Re: Need a common passwd file among machines
Cc: Alex Belits , Vinay Bannai , freebsd-hackers@freebsd.org, freebsd-isp@freebsd.org
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 12:54 AM 4/20/97 -0700, Michael L. VanLoon -- HeadCandy.com wrote:
>>At NCSU they use Hesiod+Kerberos to handle logins. This way they don't have
>>to keep I don't know how many hundred or thousand machines /etc/passwd files
>>current.
>>Also, they don't have passwords going on the wire in the clear -- the passwords
>>are handled in a safe manner by Kerberos. Along with this is the fact that
>>passwords are *never* stored on client machines -- a security bonus.
>>This is much saner than distributing /etc/passwd files everywhere, IMHO.
>
>It's a proven model that works well. Iowa State was (is) doing the
>same thing. Over 20,000 user accounts. Trust me, you don't want a
>local passwd file with 20,000 users in it. (Actually, I believe
>they're over 30,000 now.) I'd hate to see a site with a couple
>hundred thousand accounts set up like that...
>
>Hesiod distributes this really nicely. And Kerberos is about as
>secure as Unix can get. Together, they work way better than NIS.
>Look for information on these, or Project Athena, for more info.

Yup. I don't know how many active accounts there are at NCSU, but there are over 50,000 user home directories, spread across two AFS cells. Every student in the university has an account.

I'm told that people from MIT have actually come down, looked at NCSU's system, and commented on how it's better than MIT's. (could just be folklore)

But yes, NCSU's system was modeled after Project Athena. The original name of NCSU's system was "Project Eos".

I would hate to see 50,000 line long /etc/passwd files copied everywhere.

Plus, it was kinda funny watching a friend of mine looking up the name of his pop server -- via the host command.

--
XCOMM Kevin P. Neal, Junior, Comp. Sci. - House of Retrocomputing
XCOMM mailto:kpneal@pobox.com - http://www.pobox.com/~kpn/
XCOMM kpneal@eos.ncsu.edu Spoken by Keir Finlow-Bates:
XCOMM "Good grief, I've just noticed I've typed in a rant. Sorry chaps!"