From owner-freebsd-questions@FreeBSD.ORG Fri Aug 11 02:41:10 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7978916A4E2 for ; Fri, 11 Aug 2006 02:41:10 +0000 (UTC) (envelope-from tillman@seekingfire.com) Received: from mail.seekingfire.com (caliban.seekingfire.com [24.89.83.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9109F43D4C for ; Fri, 11 Aug 2006 02:41:08 +0000 (GMT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 6A26E1CB; Thu, 10 Aug 2006 20:41:07 -0600 (CST) Date: Thu, 10 Aug 2006 20:41:07 -0600 From: Tillman Hodgson To: freebsd-questions@freebsd.org Message-ID: <20060811024107.GW2959@seekingfire.com> References: <44D3AD1E.5010807@u.washington.edu> <9aa9fc180608101132i68956d5fg2bae5f411c6ad9f8@mail.gmail.com> <44DBD3E2.5060609@u.washington.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44DBD3E2.5060609@u.washington.edu> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers X-Tillman-rules: yes he does User-Agent: Mutt/1.5.12-2006-07-14 Subject: Re: NIS and Kerberos 5 : is it possible / smart? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 02:41:10 -0000 > > On 8/4/06, Garrett Cooper wrote: > >> Hi all, > >> Just wondering if it's possible for NIS and Kerberos 5 to work in > >> tandem with one another, such that NIS would handle groups and > >> configuration file management and Kerberos would handle authentication > >> only. Also, is this sort of overkill perhaps, where NIS is not really > >> needed? > >> I basically have 3+ machines (2 desktops, 1 laptop, currently), and > >> I want to keep my credentials and information uniform across the > >> machines as much as possible. The network I would be implementing this > >> on is a low-traffic, private network. (sorry for hijacking another persons reply, but I didn't have the original post available to reply to) Kerberos works fine with NIS. It's more secure if you run both over IPsec (host-to-host transport mode for the local network) because that ensures that the NIS maps themselves maintain integrity (secrecy isn't needed with them, integrity is), though it's not necessary for many environments. This has come up on these lists a few times in the past. Here's some links to the threads in the archives: http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018487.html http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018838.html http://archives.neohapsis.com/archives/freebsd/2003-09/0224.html -T -- "Who would have suspected that life was all going to turn out well?" -- Robert Allen