> as per the subjects, what options do i have to set a centralized > 'passwd' database for a lab with FreeBSD diskless machines ? > > In the past (4.x times) i used YP/NIS which did the job but was > highly insecure (all traffic unencrypted) and also a bit of a pain to configure. > It was convenient though because it let users change their > password and other info just using the passwd command. > > I have been browsing around a bit, and i see that pam_* (tried pam_radius) > can do for the authentication part but not for the other info; > nss_* seems to be a better suit but the only thing i see is nss_ldap > and i am not familiar with the latter. > > So any suggestions or pointers to pages describing what to do ? > for NIS/YP replacement: look into hesiod, we have been using it for years! for the authentication problem: we have implemented a client/server solution. the encrypted password is kept in a secure server, and the clients send the password to this server. the communication is clear text, but it could be made encrypted. for distant/unsecure authentication we use a token generating card - OTP. this server also handles the MS authentication, OTP cards, etc. danny > cheers > luigi > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" >Received on Wed Feb 15 2006 - 06:04:42 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:52 UTC