[luau] (Secure) NFS alternatives and centralized authentication?

Dustin Cross dusty at sandust.com
Wed May 29 10:37:01 PDT 2002 

Forgot about your centralized authentication question.  LDAP!!!

http://www.openldap.org

Here is an example of how to get a non-LDAP application working with LDAP.
OpenBSD does not support LDAP user authentication, but it does support
radius and radius does support LDAP.  This guy has documented how tomake it
work.  http://www.webdaemons.org/~jamesp/openbsd_ldap.shtml

http://www.linuxworld.com/linuxworld/lw-2000-05/lw-05-nds1.html
Here is an article about NDS on linux and that it "natively supports the
LDAP directory standard, so it's simple to integrate it with LDAP
applications, services, and directory services that support LDAP".

Here is an article on how to use MS Active Directory with Linux.
http://online.securityfocus.com/infocus/1563



Dusty




> I've been using NFS on my LAN for a while, but that's a totally
> unacceptable solution for anything but completely trusted networks.
> Also, SunRPC doesn't exactly have the greatest track record in terms of
>  security.  Are there any alternatives to NFS that behave in a similar
> fashon (just mount them and they're there as though they were local
> filesystems) that are a bit more secure (possibly offering some form of
>  authentication in addition to just trusting the host, possibly
> enforcing  some form of user rights so a person can't own a single
> system and  pretend to be any user they want, etc)?
>
> I'm looking to implement part of a Linux based lab where I can either
> dynamically mount each user's home directory when they log in (this is
> against a Novell 5 server) or I could possibly mount the whole homes
> tree, but that wouldn't work very well (see earlier comment about a
> local compromise leading to full rights on the network).
>
> I'm also looking for ways to authenticate against a central directory
> (Novell NDS in this case, but I might also want to do some of this at
> home where I don't run Novell).
>
> Warren, I'm pretty sure you have some experience with this; care to
> share? :)
>
> --MonMotha
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau

More information about the LUAU mailing list