--=-pkMxaMsH5k3JVUwL7PkV
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
> 1) there are no other realistic options besides
> the above 2 for centralized authentication for
> users
Those are the two that will get you the most extensibility. If you are
using filesystems like AFS or CODA they have their own authentication
systems (it would seem like you could tie them into an LDAP/NIS
solution, but I've never heard of it). But I would say that there are
more tools, and it is more common to do LDAP/NIS.
Remember with PAM, you could also have someone log into AFS/CODA and
NIS/LDAP at the same time, and have the change password command change
all their passwords in sync :) PAM sure is cool.
I'm a fan of LDAP, but one thing about NIS is that it's got penetration
into the market. If you install Solaris, Irix, or AIX (some of the more
'traditional' unicies) you'll find they all have NIS. I have no clue
what the LDAP support in those is like. I think Solaris uses PAM now,
but I don't know about the others...
> Multiple logins
Well, that is an issue. You won't have to log into get to network
shares, in theory they would be already mounted on the machine you are
on (a more traditional Unix way, but (as if I haven't sold PAM enough)
there is a PAM module to mount drives as you log in :). As far as
logging into other machines you can set up SSH not to require a password
on 'trusted' hosts. Basically saying that if you can login into one
computer as 'ted' you can log into any on the network. Now that
probably doesn't work for non-shell users...
Good luck,
Ted
--=-pkMxaMsH5k3JVUwL7PkV
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org
iEUEABECAAYFAj2jjO4ACgkQLE335pRPGp27rQCXcJZLt0jekWy3oaN3kvAA0Gw8
jQCfcvACamI2TyLJHMZJkRAvBudPOLI=
=uYKE
-----END PGP SIGNATURE-----
--=-pkMxaMsH5k3JVUwL7PkV--