From: Tillman Hodgson
To: freebsd-questions@freebsd.org
Date: Thu, 22 Jul 2004 13:35:14 -0600
Subject: Re: User Accounts across multiple machines
Message-ID: <20040722193514.GR597@seekingfire.com>

On Thu, Jul 22, 2004 at 02:23:36PM -0400, Bill Moran wrote:
> Ray Seals wrote:
>
> > I have 15 FreeBSD machines on my network (soon to be around 30) and want
> > to synch all the machines userid and passwords. Is NIS still the
> > primary way to do this or is there a better solution?
>
> As far as I understand it, yes. Although Kerberos seems to be a practical
> alternative. With 5.x, there is more support for pam, thus opening up
> your choices to things like LDAP.

I use NIS (for meta-data) in combination with Kerberos (for
authentication), with the NIS service run over a special VLAN with IPsec
transport mode in place. This covers the security problems in the design
of NIS that I'm familiar with, uses only tools found in the base FreeBSD
install, works across Unix-like platforms (and versions, such as 4.X vs
5.X), and provides other benefits such as single sign-on.

-T

--
Page 461: Tools that are simple enough to use the first day are often a
real pain after the first month.
    - Harley Hahn, _The Unix Companion_