Date: Tue, 14 Feb 2006 13:40:51 -0500 From: Chuck Swiger <cswiger@mac.com> To: Luigi Rizzo <rizzo@icir.org> Cc: current@freebsd.org Subject: Re: options for centralized 'passwd' database for a diskless lab ? Message-ID: <43F22433.3080500@mac.com> In-Reply-To: <20060214091150.A70808@xorpc.icir.org> References: <20060214091150.A70808@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo wrote: > as per the subjects, what options do i have to set a centralized > 'passwd' database for a lab with FreeBSD diskless machines ? > > In the past (4.x times) i used YP/NIS which did the job but was > highly insecure (all traffic unencrypted) and also a bit of a pain to configure. > It was convenient though because it let users change their > password and other info just using the passwd command. Yes. Sun solved the issue of plaintext traffic via SecureRPC, which adds encryption to the low-level protocol that YP/NIS talks over. I don't believe FreeBSD supports SecureRPC, but I'd be happy to be wrong about that. > I have been browsing around a bit, and i see that pam_* (tried pam_radius) > can do for the authentication part but not for the other info; > nss_* seems to be a better suit but the only thing i see is nss_ldap > and i am not familiar with the latter. > > So any suggestions or pointers to pages describing what to do ? Most people seem to end up with LDAP, and spend a fair amount of time going through the O'Reilly book (which is worth a read) and looking at various schemas to figure out how to organize their info. Even so, LDAP is kinda painful to setup. You might take a look at how Samba integrates with LDAP, since that also plays nice with Windows and Mac clients. If you install Webmin, you can use a point-n-click interface which is easier than gaining a low-level understanding of how the pieces work together. Webmin will deal with syncronizing the Samba users and actual FreeBSD user accounts if you change information; otherwise you end up having to configure a script for smbpasswd, or you end up having users run both passwd and smbpasswd. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43F22433.3080500>