Luigi Rizzo wrote: > as per the subjects, what options do i have to set a centralized > 'passwd' database for a lab with FreeBSD diskless machines ? > > In the past (4.x times) i used YP/NIS which did the job but was > highly insecure (all traffic unencrypted) and also a bit of a pain to configure. > It was convenient though because it let users change their > password and other info just using the passwd command. Yes. Sun solved the issue of plaintext traffic via SecureRPC, which adds encryption to the low-level protocol that YP/NIS talks over. I don't believe FreeBSD supports SecureRPC, but I'd be happy to be wrong about that. > I have been browsing around a bit, and i see that pam_* (tried pam_radius) > can do for the authentication part but not for the other info; > nss_* seems to be a better suit but the only thing i see is nss_ldap > and i am not familiar with the latter. > > So any suggestions or pointers to pages describing what to do ? Most people seem to end up with LDAP, and spend a fair amount of time going through the O'Reilly book (which is worth a read) and looking at various schemas to figure out how to organize their info. Even so, LDAP is kinda painful to setup. You might take a look at how Samba integrates with LDAP, since that also plays nice with Windows and Mac clients. If you install Webmin, you can use a point-n-click interface which is easier than gaining a low-level understanding of how the pieces work together. Webmin will deal with syncronizing the Samba users and actual FreeBSD user accounts if you change information; otherwise you end up having to configure a script for smbpasswd, or you end up having users run both passwd and smbpasswd. -- -ChuckReceived on Tue Feb 14 2006 - 17:40:49 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:52 UTC