Re: [school-discuss] authorization management

["Dr. Robert G. Rittenhouse" <rob@cs1.mcm.edu>]

Harry McGregor wrote:
> On Mon, 2003-12-15 at 10:49, Jake Maul wrote:
>
> > Harry McGregor wrote:
> >
> >
> > > Um, one 'student' account is a very very bad idea.  Per user
> > > authentication is a must.
Oh, I dunno. A Knoppix type setup could work in that environment (not 
Knoppix itself as a root shell is trivially available but a Knoppix 
setup that does NOT allow access to machine resources). Clients similar 
to a ThinkNic (hmm, they seem to be extinct). Mandrake is making one 
where you can remove the CD and use a USB key for local storage (my dog 
ate my USB key...). The key is to have the OS in read only media and no 
permanent store on the machine. So what if the user gets root if there's 
nothing they can do with it?

For remote authentication you can use NIS, LDAP, probably SMB, Kerberos?
I'm not too keen on NIS.

For user file storage you could use
NFS but I can't see that in a situation where you can't trust clients
SMB/CIFS (compatible with Windows clients) supported on your servers.
AFS: requires Kerberos. See http://www.openafs.org/ -- it is available 
for Mac OS X
WebDav


We've also been trying to work out some similar issues: see 
http://cs1.mcm.edu/~rob/professional/LinuxLab/ and 
http://cs1.mcm.edu/pub/bscw.cgi/0/12032

--
Dr. Robert G. Rittenhouse, Chair
Department of Computer Science
McMurry University, Abilene, TX 79697-0968