From: wolf
Date: Sun, 20 Oct 2002 22:41:15 -0400
To: David Loszewski
Cc: freebsd-questions@freebsd.org
Subject: Re: authentication server with group permissions?
Message-ID: <3DB3694B.2000303@hq.dyns.cx>

If your internal LAN is relatively secure you probably want to use NIS to give out the maps for master.passwd and group.
To be extra safe, I would set up the maps so that all the passwords in the NIS master.passwd are '*' and use pam_smb or some such critter against your Samba PDC if you need UNIX login capabilities. (This presumes you are using Windows workstations.)

You can also use other pam_* modules for the actual authentication, allowing you to keep the NIS passwords as '*'s so that if someone ever sniffs your LAN traffic, etc., the NIS maps don't contain passwords.

David Loszewski wrote:

> basically what we are trying to accomplish is that I'm in an office with
> many employees.
> Say we have 5 different servers, and I have files on the servers that I
> want all the employees in a specific group have read access to those
> files, or write access depending on permissions for that group. So when
> an employee logs into a server I want it to go to some internal
> authentication server and tell the server that it's ok for that person to
> access that file. I want to do this without copying the passwd file to
> each server.
>
> Dave
>
> wolf wrote:
>
>> could you be more specific?
>>
>> sharing files via NFS?
>> transparent logging to other servers?
>> other?
>>
>> What you are trying to do in particular affects how you
>> accomplish your goal.
>>
>> stealth215@attbi.com wrote:
>>
>>> Could someone point me in the right direction to find
>>> information on creating an authentication server in such
>>> a way that if some user logs in on a particular machine,
>>> as long as he is in a certain group he will have read
>>> access to all/or certain files as well on other servers
>>> depending on the group and rules set for that group?
>>>
>>> Dave
>>>
>>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>>> with "unsubscribe freebsd-questions" in the body of the message

-- 
Michael Joyner
FreeBSD System Administrator
http://manhattan.hq.dyns.cx/
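
The advice in the message above, to keep every password field in the NIS master.passwd map as '*', can be checked mechanically before the maps are rebuilt. The following is an added example, not part of the original message: a POSIX sh function that audits a master.passwd-format file and reports any entry whose password field is not '*'. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Field layout, per FreeBSD master.passwd(5):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Report every entry in file $1 whose password field is not "*".
# Exit status 0 = all fields are "*", 1 = at least one finding.
audit_nis_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        NF != 10 {                       # e.g. a 7-field passwd(5) line
            printf "MALFORMED line %d (%d fields)\n", NR, NF
            bad++; next
        }
        $2 != "*" {
            # Classify the field only; the value itself is never printed.
            kind = ($2 == "") ? "EMPTY" : "SET"
            printf "%s %s\n", kind, $1
            bad++
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Write constructed sample data (hypothetical accounts) to file $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample data, not from the original post
alice:*:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:$1$CONSTRUCTED$notarealhash:1002:1002::0:0:Bob Example:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol Example:/home/carol:/bin/sh
dave:*:1004:1004:Dave Example:/home/dave:/bin/sh
EOF
}

# Demo run against the constructed sample.
demo=$(mktemp)
write_sample "$demo"
audit_nis_passwd "$demo" || echo "findings above: fix before rebuilding the NIS maps"
rm -f "$demo"
```

An entry reported as EMPTY deserves the most attention, since an empty password field is not the same as the '*' placeholder.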