MS2LINUX - Authentication basics

David Mandala plug-discuss@lists.plug.phoenix.az.us
09 Oct 2002 22:42:49 -0700


Sorry my bad explanation you keep the user accounts on the NIS server
and normally keep the root and systems accounts on each server and
desktop. That way if the NIS system is down or networking is down the
admins can get on the local system. There are ways to cache the NIS data
but not normally done.

You could put all of the data on the NIS server but that is normally not
done since if the cache expired and the NIS server was not able to be
reached you would be completely unable to access the machines.

Davidm
 
On Wed, 2002-10-09 at 21:25, Scott H wrote:
> > From: David Mandala <davidm@them.com>:
> > Oh, you actually don't have to maintain the
> > accounts on the server it's
> > just recommended to since you would be
> > completely locked out in the
> > event of a network failure or if the main
> > authentication box failed.
> 
> Let me see if I understand this right (pardon me
> if I'm dense on this, I'm a recovering MS Admin
> :) In this setup, you keep user accounts both on
> a NIS server and on the local machines?  And
> these match?  NT/W2K does something similar to
> this: NT4 and W2K boxes cache user credentials on
> the local machine after any successful domain
> login.  A user on our network ALWAYS
> authenticates to the domain, not to the local
> machine (except for certain troubleshooting, of
> course), so if a Domain Controller is
> unavailable, the user can still log on to their
> machine, with the cached domain credentials.  
> 
> > David Mandala:
> > Bill I am bit confused would you please be
> > more explicit? Both on the
> > NIS "1/2" of your passwd/shadow/group files
> > and on the Linux not
> > maintaining the authentication. 
> 
> > Bill Warner:
> > basically you can maintain system accounts on
> > the box like root and bin
> > but have the users on the nis server.  There
> > is a code i think it was ++
> > that up put after the last system account on
> > the box that was the key to
> > say pull the rest of the passwd file form the
> > nis server.
> 
> Bill, in this setup, then, the user wouldn't be
> able to log in with a regular user account if the
> NIS server was unavailable... right?
> 
> 
> .
> 
> __________________________________________________
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-- 
David IS Mandala
gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C  A92E C678 795E 45B2 D952
Phoenix, AZ (480) 460-7546 HP, (602) 321-8277 CP
http://www.them.com/~davidm/