From owner-freebsd-questions  Mon Sep 11 23:39:39 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 41E7937B424
	for <questions@freebsd.org>; Mon, 11 Sep 2000 23:39:37 -0700 (PDT)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Mon, 11 Sep 2000 23:38:30 -0700
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8C6dYL69338;
	Mon, 11 Sep 2000 23:39:34 -0700 (PDT)
	(envelope-from cjc)
Date: Mon, 11 Sep 2000 23:39:34 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Drew Sanford <drew@planetwe.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Passwords && loadbalancing && multiple machines (oh my)
Message-ID: <20000911233934.K69158@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <39BD16E9.E5D40A67@planetwe.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <39BD16E9.E5D40A67@planetwe.com>; from drew@planetwe.com on Mon, Sep 11, 2000 at 12:31:21PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Sep 11, 2000 at 12:31:21PM -0500, Drew Sanford wrote:
> I need to set up multiple computers to be aware of the same set of
> users. I am aware that utilities exist to do this (NIS, Kerberos?) but I
> have no experience with them, and was wondering what people out there
> who have done this would recommend for the job. Is there something I
> don't know about that's better than these two? What are the pros and
> cons of them? Any help or advice is apreciated.

NIS is easy to configure, run, not a lot of overhead, and is
compatible with many other UNIX flavors. The drawback is the
security... or the severe lack of it. If you are behind a firewall,
have _tight_ control of your network, and are not too worried about
malicious users, the security risk might be worth it.

Kerberos is not easy to configure and requires more resources. if you
are sharing between three machines, setting up a fourth to be the
server might not be worth it. I have used Kerberized environments, but
never built one from scratch. The plus: very strong security. But
whereas NIS is very weak, Kerberos can be overkill.

Finally, there is always the option of syncing your user info files
manually. If there are few machines and user info does not change
rapidly, your own custom system to sync files might be a more secure
solution with little to no more than NIS.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message