Hi. How do I get users using linux boxes on our lan to be able to login without having an account on the client box? SuSE 8.0 Thanks, Steve.
Linux does not provide for a network user account system such as Microsoft Windows does. It utilizes a more fine-grained user permisssion system, in which users must have an authorized account located on the node that is in question. This provides a defined layer of security...that Windows does not have. Even if a computer was compromised under a normal user account. The person would most likely...(unless the other account specifics are exactly the same)....be unable to, in turn, access that users account on another computer. HTH Thomas Jones i-Null.com Network Administrator On Saturday 28 September 2002 12:05, steve wrote:
Hi. How do I get users using linux boxes on our lan to be able to login without having an account on the client box? SuSE 8.0 Thanks, Steve.
On Sat, 28 Sep 2002, Thomas Jones wrote:
Linux does not provide for a network user account system such as Microsoft Windows does. It utilizes a more fine-grained user permisssion system, in which users must have an authorized account located on the node that is in question.
This provides a defined layer of security...that Windows does not have. Even if a computer was compromised under a normal user account. The person would most likely...(unless the other account specifics are exactly the same)....be unable to, in turn, access that users account on another computer.
On Saturday 28 September 2002 12:05, steve wrote:
Hi. How do I get users using linux boxes on our lan to be able to login without having an account on the client box? SuSE 8.0 Thanks, Steve.
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes. - Elric The bureaucracy is expanding to meet the needs of an expanding bureaucracy.
On Wed, 2002-10-02 at 13:53, Elric Scott wrote:
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes.
Just please use tcpwrappers if you plan on using NIS. NIS itself is not the most secure protocol but in use along side with tcpwrappers I have not seen problems with its use. -- Johnathan Bailes BAE Systems ESI "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." - Doug Gwyn ---
On Wed, 2 Oct 2002, Johnathan Bailes wrote:
On Wed, 2002-10-02 at 13:53, Elric Scott wrote:
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes.
Just please use tcpwrappers if you plan on using NIS.
NIS itself is not the most secure protocol but in use along side with tcpwrappers I have not seen problems with its use.
tcpwrappers + a restriction in the server config about what IP's can actually talk to it, and then also make sure that NIS is blocked on the firewall. Nope im not paranoid, not at all. :) - Elric I think I was where I am - in the heart of God.
On Wednesday 02 October 2002 19.53, Elric Scott wrote:
On Sat, 28 Sep 2002, Thomas Jones wrote:
Linux does not provide for a network user account system such as Microsoft Windows does. It utilizes a more fine-grained user permisssion system, in which users must have an authorized account located on the node that is in question.
This provides a defined layer of security...that Windows does not have. Even if a computer was compromised under a normal user account. The person would most likely...(unless the other account specifics are exactly the same)....be unable to, in turn, access that users account on another computer.
On Saturday 28 September 2002 12:05, steve wrote:
Hi. How do I get users using linux boxes on our lan to be able to login without having an account on the client box? SuSE 8.0 Thanks, Steve.
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes.
Or you could use pam_smb to authenticate against an MS server :) //Anders
On Wednesday 02 October 2002 20:21, Anders Johansson wrote:
On Wednesday 02 October 2002 19.53, Elric Scott wrote:
On Sat, 28 Sep 2002, Thomas Jones wrote:
Linux does not provide for a network user account system such as Microsoft Windows does. It utilizes a more fine-grained user permisssion system, in which users must have an authorized account located on the node that is in question.
This provides a defined layer of security...that Windows does not have. Even if a computer was compromised under a normal user account. The person would most likely...(unless the other account specifics are exactly the same)....be unable to, in turn, access that users account on another computer.
On Saturday 28 September 2002 12:05, steve wrote:
Hi. How do I get users using linux boxes on our lan to be able to login without having an account on the client box? SuSE 8.0 Thanks, Steve.
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes.
Or you could use pam_smb to authenticate against an MS server :)
//Anders I've set up NIS server and a nis client using Yast but I still ge a normal login. How do I activate it so that a client logs in via the server? Steve.
On Wed, 2002-10-02 at 14:21, Anders Johansson wrote:
You could always set up an NIS server, and then activate the NIS clients on each node, then you have one central password server that controls access to the rest of the nodes.
Or you could use pam_smb to authenticate against an MS server :)
Other than NIS and a MS domain controller, you might also use OpenLDAP: http://www.openldap.org/ or Novell's eDirectory (which runs natively on Linux): http://www.novell.com/products/edirectory/ However, I've never used either one of these, I've only used NIS. Best Regards, Keith -- LPIC-2, MCSE, N+ Sing blue silver Got spam? Get spastic http://spastic.sourceforge.net
participants (6)
-
Anders Johansson -
Elric Scott -
Johnathan Bailes -
Keith Winston -
steve -
Thomas Jones