Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 04-24-2008, 07:15 PM   #1
Registered: Jul 2005
Distribution: Arch Linux / Debian Etch (soon) / have tried many others
Posts: 94

Rep: Reputation: 15
Network Logon

I'm trying to set up a working model of a linux computer lab in an effort to get one set up at my high school. Dunno if it'll work but... that's another thread

Anyway, I have a server, and after my first round of research/googling, I got Kerberos set up. I can understand how it works and all that's good, but it seems ther kerberos simply doesn't facilitate full network logins; the users still must have an entry in /etc/passwd. Is this a misconfiguration on my part, or is it actually the case?

Searching here, I stumbled upon this link:

A NIS setup is described there that facilitates network logons. Should I try to get NIS working instead?

Once all that is past, can anyone recommend a method for mounting home directories over the network?
I hesitate to use NFS because someone with a laptop running linux could just connect to the network, mount the share, and get root access to it, or such is my understanding.

With Kerberos, I was looking hard at using AFS, which is a distributed network file system that uses Kerberos for authentication. Using AFS will be difficult if I switch to NIS, it seems, so can someone point me in the right direction?

Thanks in advance, I seem to be in a bit over my head.
Old 04-26-2008, 09:05 AM   #2
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
This stuff is a bit complex - the Microsoft and Apple implementations hide a lot of the technical workings, which you are manually setting up here. For a small network there are three better solutions than setting up this manually (see below), but to answer your question:

The core of your network identity system is really the directory service. The directory stores records for each user, and may hold information about computers etc. as well. Lots of existing UNIX networks still use NIS, but this is deprecated, and you should use LDAP when you set up a new directory. If you configure a UNIX system to use LDAP then user records may be held in either the /etc/passwd file of the system ("local account") *or* in the LDAP directory ("network account"). You can use LDAP like this without Kerberos. The Kerberos service simply adds a stronger and more convenient security layer.

The LDAP and Kerberos software provided with UNIX-like systems is intended for people who want to configure their own custom setups with their own interfaces. Better options for small networks:

- Thin clients. You create the user account as normal on the server, and users can then use any thin client attached to that server with no extra work. Edubuntu installs and configures everything you need without asking any questions, has extra desktop software specifically to educational use, and may use *any* standard PC as a thin client. Awesome product.

- Samba can allow a Linux system to act as a Windows domain controller. Since every OS has to be Windows-compatible, your Samba service can provide a central set of accounts for anything on your network.

- FreeIPA (very new). Red Hat software that sets LDAP, Kerberos etc. for you, along with graphical interfaces. Currently runs on Fedora or Red Hat Enterprise.
Old 04-26-2008, 07:36 PM   #3
Registered: Jul 2005
Distribution: Arch Linux / Debian Etch (soon) / have tried many others
Posts: 94

Original Poster
Rep: Reputation: 15
Well, because I'm a large fan of scalability, I'll probably go with the LDAP/Kerberos approach. After googling around a bit for this, I feel like an idiot for not realizing that I'd need LDAP/NIS.



kerberos, ldap

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
network logon won't work plated Linux - Networking 1 03-28-2008 11:30 AM
Samba Network Logon hosler Linux - Networking 8 04-23-2006 10:18 PM
Logon to a Windows network titanandrews Linux - Networking 2 10-16-2004 09:51 AM
network logon message lackluster Linux - Networking 1 10-10-2004 01:15 PM
Heterogeneous network logon robertoneto123 Conectiva 3 11-19-2003 01:08 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:06 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration