[OpenAFS] passwd synchro
Jan Hrabe
hrabe@balrog.aecom.yu.edu
Tue, 9 Oct 2001 10:41:03 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David> Hello, what is the best way of "synchronizing" passwd files
David> in OpenAFS environment? I have not find some notes in
David> documentation. But I'm thinking about NIS? Or is it
David> possible to setup AFS without synchronizing passwd? Thanks.
> You could choose not to sync password files. Or you could use LDAP.
> I recommend against NIS.
We use a setup where NIS distributes the passwd files except for the
passwords themselves, so the entries look like this:
username:X:110:5000:Full Name:/afs/cabi.rfmh.org/usr/userhome:/bin/bash
AFS is then used for authentication integrated into logins via PAM. That way,
the commands such as ls -l show human-readable (meaning not just a number)
user and group but the inherently insecure NIS distribution of passwords is
eliminated.
Honza
- ----------------------------------------------------------------------------------------------------
Jan Hrabe
Center for Advanced Brain Imaging
Nathan S. Kline Institute
140 Old Orangeburg Road
Orangeburg, NY 10962
tel.: (845) 398-5471
fax: (845) 398-5472
email: hrabe@balrog.aecom.yu.edu
PGP key fingerprint = 8621 ACC3 0BA3 260A 37A3 36C5 4187 2F56 E6AB 5CEB
- ----------------------------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7wwyJQYcvVuarXOsRAhSnAJ4/oCe77fWzgbQ4k2XuMS8UQsipOQCfcJ3k
dsL7Q2qiGk2V9B5OJu5gxfo=
=sjqN
-----END PGP SIGNATURE-----