Date:      Wed, 15 Feb 2006 09:04:40 +0200
From:      Danny Braniss <danny@cs.huji.ac.il>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        current@freebsd.org
Subject:   Re: options for centralized 'passwd' database for a diskless lab ? 
Message-ID:  <E1F9GiO-000P7D-N9@cs1.cs.huji.ac.il>
In-Reply-To: Your message of Tue, 14 Feb 2006 09:11:50 -0800 .

> as per the subjects, what options do i have to set a centralized
> 'passwd' database for a lab with FreeBSD diskless machines ?
> 
> In the past (4.x times) i used YP/NIS which did the job but was
> highly insecure (all traffic unencrypted) and also a bit of a pain to configure.
> It was convenient though because it let users change their
> password and other info just using the passwd command.
> 
> I have been browsing around a bit, and i see that pam_* (tried pam_radius)
> can do for the authentication part but not for the other info;
> nss_* seems to be a better suit but the only thing i see is nss_ldap
> and i am not familiar with the latter.
> 
> So any suggestions or pointers to pages describing what to do ?
> 

for NIS/YP replacement: look into hesiod, we have been using it for years!

for the authentication problem: we have implemented a client/server
solution. the encrypted password is kept in a secure server, and the clients
send the password to this server. the communication is clear text, but
it could be made encrypted. for distant/unsecure authentication we
use a token generating card - OTP.

this server also handles the MS authentication, OTP cards, etc.

danny



> cheers
> luigi




