[OpenAFS] Authorization Setup for AFS?

Derek Atkins warlord@MIT.EDU
23 Feb 2001 16:40:04 -0500

Any of NIS, Hesiod, LDAP, etc. work fine.  Choose whichever you


James Graves <ansible@xnet.com> writes:

> Hello all,
> I'm looking to implement OpenAFS later this year on some Linux boxen
> (and maybe OpenBSD if a port becomes available).  I also may have to
> incorporate a few Windows (NT 4.0 and/or 2000).
> As I understand it, Kerberos only provides authentication, not
> authorization.  This implies that other information (the user's full
> name & unix ID, mail aliases, etc.) needs to be distributed via other
> means.  I believe NIS is most commonly used, but I've heard LDAP
> mentioned as well.
> I administer a relatively small network, so entirely reimplementing the
> existing authorization system (NIS) is reasonable.  I guess I'm asking
> you all out there, "If you had to do it all over again, what would you
> choose?"
> I know that the biggest problem with NIS is that the encrypted passwords
> are out in the open (discounting the non-standard shadow map
> implementations), but that's solved by Kerberos.  Are there other
> security issues with NIS that would warrant it's replacement?  I'm not
> too familiar with LDAP, and I don't know how well it can be integrated
> into a Linux environment.
> Any suggestions would be appreciated.
> Thanks,
> James Graves
> -- 
>   "I've mastered every game in life except the most important one, life
>   itself."  -- a quote for the new millenium.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-info

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available