
Re: [seul-edu] single login across multiple servers



Dan Yonker wrote:
> I am looking for options and/or pointers on setting up multiple linux 
> servers and having them authenticate from the same user base.  Is NIS 
> better or easier than LDAP?  Are there any other options better?  We 
> hope to authenticate Windows and Macintosh computers to these servers.
> 
> Thanks in advance.
> 

Hello,

Personally, I prefer LDAP.  NIS is fine for smaller environments, but 
entire password file copies travel the network in the clear.  LDAP is 
generally more flexible and scalable, and can provide SSL protection of 
the traffic.  They are each fairly difficult to learn.  Most Linux 
distros come with LDAP and YP software these days.

To serve to the Mac, netatalk is the ticket, works great, uses local PAM 
support, clear text passwords last time I checked.  For Windows, Samba 
can be configured to use PAM to auth, but that gives clear text 
passwords over the wire.  A Samba SSL proxy can be configured or you can 
maintain a separate samba password table of LM hashes to provide 
encrypted passwords across the network.  With a separate password file, 
password changes and synchronization become interesting.  There were 
some projects for putting the Samba password file into the LDAP tree, I 
dunno how viable those projects are right now.

Here is some starter LDAP info:

http://k12linux.mesd.k12.or.us/ldap/

Some netatalk info:

http://www.riverdale.k12.or.us/linux/netadmin/netatalk.html

- cameron

-- 
- cameron miller
- UNIX Systems Administrator
- cdmiller@adams.edu