Date: Sun, 20 Oct 2002 22:41:15 -0400
From: wolf <mjoyner2@hq.dyns.cx>
To: David Loszewski <stealth215@attbi.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: authentication server with group permissions?
Message-ID: <3DB3694B.2000303@hq.dyns.cx>
References: <20021019222345.DAYW18217.rwcrmhc51.attbi.com@rwcrwbc70> <3DB21FDB.8000005@hq.dyns.cx> <3DB33D0F.6010407@attbi.com>

If your internal LAN is relatively secure you probably want to use NIS to
give out the maps for master.passwd and group.

To be extra safe, I would set up the maps so that all the passwords in the
NIS master.passwd are '*' and use pam_smb or some such critter against your
Samba PDC if you need UNIX login capabilities. (This presumes you are using
Windows workstations.)

You can also use other pam_* modules for the actual authentication,
allowing you to keep the NIS passwords as '*'s so that if someone ever
sniffs your LAN traffic, etc., the NIS maps don't contain passwords.

David Loszewski wrote:

> basically what we are trying to accomplish is that I'm in an office with
> many employees.
> Say we have 5 different servers, and I have files on the servers that I
> want all the employees in a specific group to have read access to those
> files, or write access depending on permissions for that group. So when
> an employee logs into a server I want it to go to some internal
> authentication server and tell the server that it's k for that person to
> access that file. I want to do this without copying the passwd file to
> each server.
>
> Dave
>
> wolf wrote:
>
>> could you be more specific?
>>
>> sharing files via NFS?
>> transparent logging to other servers?
>> other?
>>
>> What you are trying to do in particular affects how you
>> accomplish your goal.
>>
>> stealth215@attbi.com wrote:
>>
>>> Could someone point me in the right direction to find
>>> information on creating an authentication server in such
>>> a way that if some user logs in on a particular machine,
>>> as long as he is in a certain group he will have read
>>> access to all/or certain files as well on other servers
>>> depending on the group and rules set for that group?
>>>
>>> Dave
>>>
>>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>>> with "unsubscribe freebsd-questions" in the body of the message

-- 
Michael Joyner
FreeBSD System Administrator
http://manhattan.hq.dyns.cx/
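A check for the setup described in the reply above, as an added example that is not part of the original message: it parses a master.passwd-format map source and reports every account whose password field is anything other than '*'. The sample entries and the name `audit_map` are constructed for illustration.

```python
"""Audit a master.passwd-format NIS map source for password fields that are not '*'."""

# FreeBSD master.passwd(5) entries have 10 colon-separated fields:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = 10
LOCKED = "*"

# Constructed sample data (not taken from the original message).
SAMPLE_MAP = """\
# NIS master.passwd source (constructed sample)
alice:*:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:$1$constructed$notarealhashvalue000000:1002:1001::0:0:Bob Example:/home/bob:/bin/sh
carol::1003:1001::0:0:Carol Example:/home/carol:/bin/sh
dave:*:1004:1002::0:0:Dave Example:/home/dave
"""


def audit_map(text):
    """Return (exposed, malformed).

    exposed   -- list of (account, reason) whose password field is not '*'
    malformed -- line numbers that do not have the expected 10 fields
    """
    exposed, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(":")
        if len(parts) != FIELDS:
            # Do not guess at a truncated entry; report it for manual review.
            malformed.append(lineno)
            continue
        name, password = parts[0], parts[1]
        if password != LOCKED:
            # An empty field means a passwordless account, anything else is a hash.
            reason = "empty password" if password == "" else "hash present"
            exposed.append((name, reason))
    return exposed, malformed


if __name__ == "__main__":
    exposed, malformed = audit_map(SAMPLE_MAP)
    for name, reason in exposed:
        print(f"EXPOSED   {name}: {reason}")
    for lineno in malformed:
        print(f"MALFORMED line {lineno}")
```

Run it against the file the NIS master builds its master.passwd map from, before the maps are rebuilt and pushed.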