Date:      Thu, 22 Jul 2004 13:35:14 -0600
From:      Tillman Hodgson <tillman@seekingfire.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: User Accounts across multiple machines
Message-ID:  <20040722193514.GR597@seekingfire.com>
In-Reply-To: <20040722142336.70c55f16.wmoran@potentialtech.com>
References:  <1090519611.584.1.camel@mgl.magellanhealth.com> <20040722142336.70c55f16.wmoran@potentialtech.com>

On Thu, Jul 22, 2004 at 02:23:36PM -0400, Bill Moran wrote:
> Ray Seals <rseals@vdsi.net> wrote:
> 
> > I have 15 FreeBSD machines on my network (soon to be around 30) and want
> > to synch all the machines userid and passwords.  Is NIS still the
> > primary way to do this or is there a better solution?
> 
> As far as I understand it, yes.  Although Kerberos seems to be a practical
> alternative.  With 5.x, there is more support for pam, thus opening up
> your choices to things like LDAP.

I use NIS (for meta-data) in combination with Kerberos (for
authentication), with the NIS service run over a special VLAN with IPsec
transport mode in place. This covers the security problems in the design
of NIS that I'm familiar with, uses only tools found in the base FreeBSD
install, works across Unix-like platforms (and versions, such as 4.X vs
5.X), and provides other benefits such as single sign-on.

-T


-- 
Page 461: Tools that are simple enough to use the first day are often a
real pain after the first month.
	- Harley Hahn, _The Unix Companion_


