From: Michael Collette
To: FreeBSD Security
Date: Wed, 30 Jul 2003 15:53:40 -0700
Subject: Kerberos to file server
Message-Id: <200307301553.40385.metrol@metrol.net>

Howdy,

I may be approaching this problem entirely wrong, or not. Was hoping for a little guidance one way or the other.

I've got this AS/400 with gobs of unused file storage on it that I want to share across as a file server to a FreeBSD box. The AS/400 side of things supports NFS and kinda pretends to be a Unix-like machine in this role.

Users will be booting from diskless clients hosted from the FreeBSD box. The base directories like /usr and such will come from there. I want to have user-alterable stuff like /home and shared directories to be hosted over on the AS/400, as it's got all the space.

My primary problem with this is ensuring one login gets you access to both the FreeBSD box as well as the shares on the AS/400. I don't want to have users log into the FreeBSD box then need to do a login again to the AS/400.

From what I've read thus far it "seems" that configuring Kerberos between the two is the way to go about this. The handbook talks about setting up a remote login kind of thing, but nothing about how to handle NFS permissions. I also don't quite get how to automate the process of authenticating and mounting upon initial login.

Question 1: Am I heading down the right road, or are there other options I should be considering first?

Question 2: If I'm on the correct path where should I look for some kind of a tutorial for the mechanics of getting this to happen?

Thanks,
-- 
"In theory, there is no difference between theory and practice.
In practice, there is."
- Yogi Berra