What I want to do is have 2 Linux boxes acting as servers. I want users wanting the choice as to what machine to log into. I.e., have a server chooser app before kdm, etc. What I'm asking is that, how do I organise the files? When USER1 logs into LINUXSERV01 and then later on logs into LINUXSERV02 I want the user area to be the same. Do I need to create homes on both machines or can I have one that "follows" the user - something which I expect Linux to do. When I was at Uni, we could do this with the HP-UX server farm. I'm assuming Linux can do the same. I assume that the home area will be set up on one machine, say LINUXSERV01 and when you log in using LINUXSERV02 (because LINUXSERV01 might be running slower due to a number of users logged in, say) then LINUXSERV02 has to map to LINUXSERV01's home area. Is this a samba set up? - Having log ins authenticated on one machine? Regards, Kev Jackson thelinuxwebsite.com ... coming soon! -----Original Message----- From: Kevin Jackson [mailto:kevin.jackson@jhallpr.demon.co.uk] Sent: 03 April 2000 16:45 To: SuSE Linux List (E-mail) Subject: [SLE] More than 1 linux servers I have 1 Linux server which is working fine. I want to add another Linux server as part of the same domain. Is it possible to set it up so that if I logged onto either of them, either will authenticate... or do I have to set up users on the second machine seperately? What is the best way to take advantage of 2 Linux servers? (Apart from having apache, et al on 1 and file/samba, say on another) Kevin Jackson -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/

On Mon, 03 Apr 2000, Kevin Jackson wrote:

I have 1 Linux server which is working fine. I want to add another Linux server as part of the same domain. Is it possible to set it up so that if I logged onto either of them, either will authenticate... or do I have to set up users on the second machine seperately?

I know that you can use NIS (the yp* stuff) to provide a single login across multiple Linux boxes. I also know that the comments on NIS in "Maximum Linux Security" can be summarized in two words - the first of them has four letters, and the second one is No. Be VERY VERY careful about security if you do this. Don't include your firewall in your NIS domain, and don't give your firewall any software that it would allow it to share its drives or mount drives shared from other machines. (Come to think of it, that's probably a good idea anyway... the less your firewall does, the fewer possible security holes in it.) Samba *may* be able to do the same thing, I'm not sure. This security book is substantially less emphatic about Samba than about NIS, but there have been some security issues.

What is the best way to take advantage of 2 Linux servers? (Apart from having apache, et al on 1 and file/samba, say on another)

That depends: why do you want two servers? No, I am NOT suggesting that there is anything wrong with it. Rather, there are probably several dozen good reasons, and the proper answer to your question depends on exactly what reasons you have. Here are a few of the common reasons for multiple servers: * Development / quality assurance / production environments * Too much work for one box * Differing security requirements of groups within the organization * Differing security requirements of functions (e.g. you hardly ever let anyone log in to your firewall for anything) * Logical division of work groups - data may not be confidential, but it's irrelevant to other groups * Public (exposed, possibly even sacrificial) access versus internal access * Redundancy for data protection or even fail-over recovery * Protected environment "owned" by the vendor of a proprietary system, within your network environment * Proprietary system requires underlying software different from your shop's norms A suggestion from experience: your second server should be an obsolete box. Maybe a 486. (Make sure it has a healthy disk drive though. Small is okay, but healthy.) On it put your DHCP server, your internal domain name server (bind can be configured as a true domain name server for your domain, rather than just as a cacheing server), and your master security server (if such exists). Any other functions that are similarly essential for the operation of the network. And very little else. Then, in its nameserver set an entry for the master security server (same machine), for the default router (your firewall?), for *each* database within your database servers, and for *each* other service. In your scripts, configurations, and programs, never refer to any service by either the name, or the ip address, of the machine it's on; instead, refer to it by its own name in the name server. That way, if you move a service from one machine to another, you only have one place you have to change the address, and the services you didn't move aren't messed up. And since there is so little on that obsolete box, you will rarely need to mess with it. But because it's obsolete, you won't be tempted to put more onto it. System security by keeping your fingers out of the clockwork. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/