Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 07-18-2007, 08:36 PM   #1
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Rep: Reputation: 16
Central authentication

What are the things involved in setting up a central authentication system, where one server houses all login information used by all other servers on the network? I've heard of NIS and LDAP, but haven't heard much in terms of comparisons other than NIS being outdated and nobody should use it unless to support legacy systems - is this an accurate statement, or is NIS a viable option?

In addition to LDAP and NIS, are there any other viable options?

What else should be considered - e.g. could home directories still be on the clients, or would home directories have to be on the server and shared by NFS?

What about users created for the purpose of chroot-ing, such as in the Chroot-BIND HOWTO? Would the chroot directory have to be on the authenticating server?

Could client machines still have their own user information that in addition to those from the central server?

On the other hand, could client machines be made to have no users of their own and only use users from the central server?

How does SSH tie into this, where users can just authenticate with the central server? Could this work for non-human users, such as "named", "mysql", and other application-users?

Old 07-20-2007, 07:01 AM   #2
Mark Havel
Registered: May 2004
Location: Lyon, France
Distribution: Slackware
Posts: 85

Rep: Reputation: 15
If you want a central authentication, it should also be a good idea to centralize the place where the user's directories are stored and mount them through NFS or Samba in the local machines. In my university, they used NIS and LDAP to authenticate the users. As far as I know, the NIS stuff was used for the Linux machines and set-up as a legacy stuff in a global LDAP running on Windows servers.

It seems the modern way to authenticate and reference users through a network is LDAP now. It's a bit more complicated than NIS to set-up (for what I've seen of the two) but it offers more features.
However, if you plan to use exclusively Unix based machines, you may also use NIS (NIS seems to be a Unix only service).
Old 07-20-2007, 08:51 AM   #3
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,626
Blog Entries: 4

Rep: Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999Reputation: 2999
Linux distributions use a system called "PAM" (Pluggable Authentication Modules, see: man pam, man pam.conf) which provides a very flexible "plug-in" system for handling all of the essential authentication tasks.

PAM modules are available for all kinds of authentication purposes, including interfaces to central directory services.

In my experience, you will probably wind up being constrained by what your Windows boxes will accept. Fortunately, no matter what that may turn out to be, Linux should easily handle it. As we well know, Linux is very good at being "in the company of strangers," quietly and efficiently doing its job without seeking to impose its own will upon others... (ahem!)

It is definitely important to use centralized password controls, even for a very small office shop. And it's unfortunate that the whole thing is regarded as mysterious.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up Central Authentication System logosys Linux - Networking 1 03-03-2006 07:48 AM
Central Authentication for SAMBA Matir Linux - Software 2 01-28-2005 05:16 PM
user authentication from central computer uros678 Linux - General 5 02-19-2004 01:48 AM
domain style central user authentication MadTurki Linux - Networking 2 01-26-2004 11:26 AM
Central Logging unixpirate Linux - General 0 02-28-2003 12:23 PM > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 11:05 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration