From owner-freebsd-security  Sun Apr  7 10:20:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67])
	by hub.freebsd.org (Postfix) with ESMTP id 9B8AB37B405
	for <freebsd-security@freebsd.org>; Sun,  7 Apr 2002 10:20:15 -0700 (PDT)
Received: from 212-100-182-20.adsl.easynet.be ([212.100.182.20] helo=ws-freebsd.defcon1.no-ip.com)
	by bigglesworth.mail.be.easynet.net with smtp (Exim 3.35 #1)
	id 16uGKn-0002Xa-00
	for freebsd-security@freebsd.org; Sun, 07 Apr 2002 19:20:09 +0200
Date: Sun, 7 Apr 2002 19:20:04 +0200
From: Pieter Danhieux <pdanhieux@easynet.be>
To: freebsd-security@freebsd.org
Subject: Re: Centralized authentication
Message-Id: <20020407192004.5cbecd18.pdanhieux@easynet.be>
In-Reply-To: <20020406170014.5f47c85f.cyschow@shaw.ca>
References: <874riov1et.wl@delta.meridian-enviro.com>
	<20020406170014.5f47c85f.cyschow@shaw.ca>
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, 6 Apr 2002 17:00:14 -0700
Samuel Chow <cyschow@shaw.ca> wrote:

> On Sat, 06 Apr 2002 17:43:22 -0600
> "Douglas K. Rand" <rand@meridian-enviro.com> wrote:
> 
> > We have a few dozen FreeBSD workstaions and servers and as their
> > numbers increase managing users and groups via indvidual /etc/passwd
> > and /etc/group files is getting more and more tiresome. We also have
> > just a few Linux boxes.
> 
> 	How about NIS?  I use it at home with a total
> 	of two machines and one users.
> 
> ---
> Samuel Chow
> cyschow@shaw.ca
> 
> Segmentation Fault (core dumped)
> This message is displayed using recycled electrons.
> 

NIS is a security issue, cause it sends the passwords file trough the network, and any user can sniff it or get it by 'ypcat passwd'. So i would suggest a combination of NIS and RADIUS. NIS takes care of the home directories and users, and RADIUS would authenticate the users. We use it at the University of Gent in our little basement for  6 pc's and 50 users ...

regards,

Pieter Danhieux

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message