LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 04-24-2008, 08:15 PM   #1
arew264
Member
 
Registered: Jul 2005
Distribution: Arch Linux / Debian Etch (soon) / have tried many others
Posts: 94

Rep: Reputation: 15
Network Logon


I'm trying to set up a working model of a linux computer lab in an effort to get one set up at my high school. Dunno if it'll work but... that's another thread

Anyway, I have a server, and after my first round of research/googling, I got Kerberos set up. I can understand how it works and all that's good, but it seems ther kerberos simply doesn't facilitate full network logins; the users still must have an entry in /etc/passwd. Is this a misconfiguration on my part, or is it actually the case?

Searching here, I stumbled upon this link:
http://www.linuxjournal.com/article/7334

A NIS setup is described there that facilitates network logons. Should I try to get NIS working instead?



Once all that is past, can anyone recommend a method for mounting home directories over the network?
I hesitate to use NFS because someone with a laptop running linux could just connect to the network, mount the share, and get root access to it, or such is my understanding.

With Kerberos, I was looking hard at using AFS, which is a distributed network file system that uses Kerberos for authentication. Using AFS will be difficult if I switch to NIS, it seems, so can someone point me in the right direction?

Thanks in advance, I seem to be in a bit over my head.
 
Old 04-26-2008, 10:05 AM   #2
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
This stuff is a bit complex - the Microsoft and Apple implementations hide a lot of the technical workings, which you are manually setting up here. For a small network there are three better solutions than setting up this manually (see below), but to answer your question:

The core of your network identity system is really the directory service. The directory stores records for each user, and may hold information about computers etc. as well. Lots of existing UNIX networks still use NIS, but this is deprecated, and you should use LDAP when you set up a new directory. If you configure a UNIX system to use LDAP then user records may be held in either the /etc/passwd file of the system ("local account") *or* in the LDAP directory ("network account"). You can use LDAP like this without Kerberos. The Kerberos service simply adds a stronger and more convenient security layer.

The LDAP and Kerberos software provided with UNIX-like systems is intended for people who want to configure their own custom setups with their own interfaces. Better options for small networks:

- Thin clients. You create the user account as normal on the server, and users can then use any thin client attached to that server with no extra work. Edubuntu installs and configures everything you need without asking any questions, has extra desktop software specifically to educational use, and may use *any* standard PC as a thin client. Awesome product.

- Samba can allow a Linux system to act as a Windows domain controller. Since every OS has to be Windows-compatible, your Samba service can provide a central set of accounts for anything on your network.

- FreeIPA (very new). Red Hat software that sets LDAP, Kerberos etc. for you, along with graphical interfaces. Currently runs on Fedora or Red Hat Enterprise.
 
Old 04-26-2008, 08:36 PM   #3
arew264
Member
 
Registered: Jul 2005
Distribution: Arch Linux / Debian Etch (soon) / have tried many others
Posts: 94

Original Poster
Rep: Reputation: 15
Well, because I'm a large fan of scalability, I'll probably go with the LDAP/Kerberos approach. After googling around a bit for this, I feel like an idiot for not realizing that I'd need LDAP/NIS.

Thanks!
 
  


Reply

Tags
kerberos, ldap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
network logon won't work plated Linux - Networking 1 03-28-2008 12:30 PM
Samba Network Logon hosler Linux - Networking 8 04-23-2006 11:18 PM
Logon to a Windows network titanandrews Linux - Networking 2 10-16-2004 10:51 AM
network logon message lackluster Linux - Networking 1 10-10-2004 02:15 PM
Heterogeneous network logon robertoneto123 Conectiva 3 11-19-2003 02:08 PM


All times are GMT -5. The time now is 05:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration