-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hell all. I plan to get my disorganized lan up to better standards. This is my planned setup: <isp via adsl> | (DMZ)http/ftp/mail [firewall]------+--[http/mysql/ftp/mail] | +--[login server ] | +-----+ | | [ws1] [ws2] Hardware: Firewall : Alphastation (Linux or ???BSD) DMZ: http/mysql/ftp/mail : AlphaStation (Linux) login server : AlphaStation (Linux) WS1 : Linux WS2 : Linux WS3 : Windows 2000 Server WS4 : Windows 2000/XP (and a few experimental boxes such as QNX, DUX and assorted Win boxes...) My primary question is: What do i use as LOGIN SERVER???? I need it to take care of all user authentications in the system I want a centralized "PDC" to ease the administration of users and accounts. It has to be "platform independent", in that i need both Linux and Windows macines to authenticate through it. Also, i want my external users (mail/web/ftp) to be authenticated by the same system. I do NOT want to have to administrate users in different utilities, i want ONE centralized, common "point of entry". What do i use? NIS? NIS+? LDAP? RADIUS? KERBEROS? If any of you have other comments or sugestions regarding this setup, please feel free to flame/encourage/suggest anything you want. - -- /Rikard - ------------------------------------------------------------------------------------ Rikard Johnels email : rjhn@linux.nu Web : http://www.rikjoh.com Mob : +46 70 464 99 39 - ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+6wb3WdS2eEYc7lYRAmE7AKCiXEssvpdb0bjjK11URWWIJcLsegCgheP/ zNCqrJvY63N7G+rZ0jyhlfA= =tx4H -----END PGP SIGNATURE-----
The 03.06.14 at 13:28, Rikard Johnels wrote:
My primary question is: What do i use as LOGIN SERVER???? I need it to take care of all user authentications in the system
Will it authenticate internal users? Then probably the dmz is not the place for it, too exposed. -- Cheers, Carlos Robinson
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 15 June 2003 12.20, Carlos E. R. wrote:
The 03.06.14 at 13:28, Rikard Johnels wrote:
My primary question is: What do i use as LOGIN SERVER???? I need it to take care of all user authentications in the system
Will it authenticate internal users? Then probably the dmz is not the place for it, too exposed.
-- Cheers, Carlos Robinson
So i need two NIS servers? Or can i get the DMZ server to authenticate from the internal loginserver? - -- /Rikard - ------------------------------------------------------------------------------------ Rikard Johnels email : rjhn@linux.nu Web : http://www.rikjoh.com Mob : +46 70 464 99 39 - ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+7d5CWdS2eEYc7lYRAu22AKDldoz0OKp2N+PmzrpjKvrjrchfIgCgjKZ9 EqWeXPs49YZHmd/UaS178yI= =NRIz -----END PGP SIGNATURE-----
The 03.06.16 at 17:11, Rikard Johnels wrote:
So i need two NIS servers? Or can i get the DMZ server to authenticate from the internal loginserver?
Good question... I don't know. But I certainly wouldn't feel safe having a server with private info on the DMZ. By the way, if the mail server holds internal mail, it would apply as well. If what you need is authentification for the mail server, then I'd probably use two servers. You need more answers than mine alone, I'm unsure of the answer. -- Cheers, Carlos Robinson
participants (2)
-
Carlos E. R.
-
Rikard Johnels