Date: Sun, 20 Apr 1997 16:45:45 -0400
From: "Kevin P. Neal" <kpneal@pobox.com>
To: "Michael L. VanLoon -- HeadCandy.com" <michaelv@MindBender.serv.net>
Cc: Alex Belits <abelits@phobos.illtel.denver.co.us>,
    Vinay Bannai <vinay@agni.nuko.com>,
    freebsd-hackers@freebsd.org, freebsd-isp@freebsd.org
Subject: Re: Need a common passwd file among machines
Message-ID: <1.5.4.32.19970420204545.008f9a20@mindspring.com>

At 12:54 AM 4/20/97 -0700, Michael L. VanLoon -- HeadCandy.com wrote:
>>At NCSU they use Hesiod+Kerberos to handle logins. This way they don't have
>>to keep I don't know how many hundred or thousand machines /etc/passwd files
>>current.
>>Also, they don't have passwords going on the wire in the clear -- the passwords
>>are handled in a safe manner by Kerberos. Along with this is the fact that
>>passwords are *never* stored on client machines -- a security bonus.
>>This is much saner than distributing /etc/passwd files everywhere, IMHO.
>
>It's a proven model that works well. Iowa State was (is) doing the
>same thing. Over 20,000 user accounts. Trust me, you don't want a
>local passwd file with 20,000 users in it. (Actually, I believe
>they're over 30,000 now.) I'd hate to see a site with a couple
>hundred thousand accounts set up like that...
>
>Hesiod distributes this really nicely. And Kerberos is about as
>secure as Unix can get. Together, they work way better than NIS.
>Look for information on these, or Project Athena, for more info.

Yup. I don't know how many active accounts there are at NCSU, but there
are over 50,000 user home directories, spread across two AFS cells.
Every student in the university has an account.

I'm told that people from MIT have actually come down, looked at NCSU's
system, and commented on how it's better than MIT's. (could just be folklore)

But yes, NCSU's system was modeled after Project Athena. The original name
of NCSU's system was "Project Eos".

I would hate to see 50,000 line long /etc/passwd files copied everywhere.

Plus, it was kinda funny watching a friend of mine looking up the name
of his pop server -- via the host command.

--
XCOMM Kevin P. Neal, Junior, Comp. Sci. - House of Retrocomputing
XCOMM mailto:kpneal@pobox.com - http://www.pobox.com/~kpn/
XCOMM kpneal@eos.ncsu.edu Spoken by Keir Finlow-Bates:
XCOMM "Good grief, I've just noticed I've typed in a rant. Sorry chaps!"