[OpenAFS] Authorization Setup for AFS?
23 Feb 2001 16:40:04 -0500
Any of NIS, Hesiod, LDAP, etc. work fine. Choose whichever you
James Graves <firstname.lastname@example.org> writes:
> Hello all,
> I'm looking to implement OpenAFS later this year on some Linux boxen
> (and maybe OpenBSD if a port becomes available). I also may have to
> incorporate a few Windows (NT 4.0 and/or 2000).
> As I understand it, Kerberos only provides authentication, not
> authorization. This implies that other information (the user's full
> name & unix ID, mail aliases, etc.) needs to be distributed via other
> means. I believe NIS is most commonly used, but I've heard LDAP
> mentioned as well.
> I administer a relatively small network, so entirely reimplementing the
> existing authorization system (NIS) is reasonable. I guess I'm asking
> you all out there, "If you had to do it all over again, what would you
> I know that the biggest problem with NIS is that the encrypted passwords
> are out in the open (discounting the non-standard shadow map
> implementations), but that's solved by Kerberos. Are there other
> security issues with NIS that would warrant it's replacement? I'm not
> too familiar with LDAP, and I don't know how well it can be integrated
> into a Linux environment.
> Any suggestions would be appreciated.
> James Graves
> "I've mastered every game in life except the most important one, life
> itself." -- a quote for the new millenium.
> OpenAFS-info mailing list
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available