[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] authorization management

Harry McGregor wrote:
On Mon, 2003-12-15 at 10:49, Jake Maul wrote:

Harry McGregor wrote:

Um, one 'student' account is a very very bad idea.  Per user
authentication is a must.
Oh, I dunno. A Knoppix type setup could work in that environment (not Knoppix itself as a root shell is trivially available but a Knoppix setup that does NOT allow access to machine resources). Clients similar to a ThinkNic (hmm, they seem to be extinct). Mandrake is making one where you can remove the CD and use a USB key for local storage (my dog ate my USB key...). The key is to have the OS in read only media and no permanent store on the machine. So what if the user gets root if there's nothing they can do with it?

For remote authentication you can use NIS, LDAP, probably SMB, Kerberos?
I'm not too keen on NIS.

For user file storage you could use
NFS but I can't see that in a situation where you can't trust clients
SMB/CIFS (compatible with Windows clients) supported on your servers.
AFS: requires Kerberos. See http://www.openafs.org/ -- it is available for Mac OS X

We've also been trying to work out some similar issues: see http://cs1.mcm.edu/~rob/professional/LinuxLab/ and http://cs1.mcm.edu/pub/bscw.cgi/0/12032

Dr. Robert G. Rittenhouse, Chair
Department of Computer Science
McMurry University, Abilene, TX 79697-0968