From owner-freebsd-isp  Mon Dec 30 09:10:28 1996
Return-Path: <owner-isp>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id JAA05965
          for isp-outgoing; Mon, 30 Dec 1996 09:10:28 -0800 (PST)
Received: from Zero-Cool.Hades.Org (nobody@d1a24.uk.pi.net [194.73.76.24])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id JAA05954
          for <freebsd-isp@freebsd.org>; Mon, 30 Dec 1996 09:10:24 -0800 (PST)
From: pumpkin@uk.pi.net
Received: from localhost (scot@localhost) by Zero-Cool.Hades.Org (8.7.5/8.7.3) with SMTP id RAA00326; Mon, 30 Dec 1996 17:09:56 GMT
Date: Mon, 30 Dec 1996 17:09:56 +0000 (GMT)
X-Sender: scot@Zero-Cool.Hades.Org
Reply-To: pumpkin@uk.pi.net
To: "Troy W. Settle" <pitlord@USIT.NET>
cc: FreeBSD-isp mailing list <freebsd-isp@freebsd.org>
Subject: Re: network configuration
In-Reply-To: <Pine.GSO.3.95.961229210801.12458B-100000@use.usit.net>
Message-ID: <Pine.BSI.3.95.961230170602.278B-100000@Zero-Cool.Hades.Org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


> 
> Currently, the plan is to keep /home on prime, and use nfs to mount it on
> radford.  All 3 machines will need to be able to authenticate users, and 2
> of them will need to keep track of each user's $HOME
> 
> What's the best way to go about doing this?  I really don't think that
> manually updating /etc/passwd is an option, as it would have to be done
> after every time a user changes his password.

	How about Kerberos for the authentication stuff and spreading your
home directories over the 3 machines and using AMD to auto-mount them onto
your shell/web server when required?

This is the sort of setup that is used by our department at college -
students' homes are split over several file servers and access to
various machines for shell accounts is controled by kerberos.

> 
> There's lots of options, I'm wondering which offers the best security for
> the convenience, and which is easiest to install.
> 
> Also, how do I restrict shell access to just the one machine?
> 
> 
> 
> Thanks in advanced for any info you can offer,
> 
> Troy
> 
> 

Scot.

---------------------------------------------------------------------------
| Scot Elliott	                    |   Please note that any opinions     |
| MEng Computing IV.                |   expressed are mine, and not those |
| Imperial College, London          |   of the department or college.     |
---------------------------------------------------------------------------
| e-mail: s.elliott@ic.ac.uk        |   IRC nick: PlumbrBoy               |
|         pumpkin@uk.pi.net         |   "You are everything in my fridge" |
---------------------------------------------------------------------------