[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] AccessSpace NIS (lots of Q's)

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: [Sheflug] AccessSpace NIS (lots of Q's)
From: "Barrie Bremner" <nospam [at] barriebremner.com>
Date: Wed, 4 Apr 2001 21:14:46 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

James Wallbank writes:

 > Kerberos =====>
 > What is it?

As Alex said, Kerberos is another authentication protocol, developed
(and widely used) at MIT.
Kerberos requires Kerberized network applications (i.e. ssh, ktelnet, kftp)
and servers to issue tickets and authenticate users.
RedHat 7.0 ships with Kerberos RPMs on the disk - you'd just need to
figure out how to use the system.

I won't pretend to know that much about Kerberos, but the whole thing
gives me a headache.

The two links here are a starting point:

http://web.mit.edu/kerberos/www/
http://www.y12.doe.gov/~jar/HowToKerb.html

Depending on what you are trying to achieve, Kerberos might be an option.

 > That's all for now! ====>
 > 
 > So, there's a load of questions. At the moment the provisional plan 
 > is to Firewall and IP MASQ with a freestanding box, not address DNS 
 > serving inside the network at all (yet) except with a caching Proxy 
 > (more dumb DNS questions later...),

djbdns.

http://cr.yp.to/

Doesn't have the security problems of BIND, is simple to setup (couple
of lines) - next to no config required, uses less resources than BIND
(and can be configured to use more or less) and behaves sensibly if
things start to go wrong.

Stick it on a machine (I've got it on my firewall), tell it to respond
to queries from the local network, and forget about it.

The djbdns package contains a number of different programs to achieve
different things - dnscache (unsurprisingly) is the caching DNS
server.
There is a full DNS server there too - tinydns.

 > Then the 
 > idea is to have 100% redundancy, with cold backups for everything. 
 > Not very clever, but robust.
 >
 > Only once we've done that will we look at hot backups - but that's 
 > another story. We need to know what we need, first.

Ouch. Sounds like a lot of work. How is AccessSpace coming along? How
many users are you supporting these days?

Baz.

-- 
Barrie J. Bremner

email: baz at barriebremner.com | OpenPGP ID: 5164F553

http://barriebremner.com/
[Contact information available at website]

   "Linux? Is that some kind of MacOS?"
      -- BT technical support

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] AccessSpace NIS (lots of Q's)
  - From: Will Newton <will [at] misconception.org.uk>
- [Sheflug] AccessSpace NIS (lots of Q's)
  - From: "Stephen J. Turnbull" <turnbull [at] sk.tsukuba.ac.jp>

References:
- [Sheflug] AccessSpace NIS (lots of Q's)
  - From: James Wallbank <james [at] lowtech.org>

Prev by Date: [Sheflug] Another Worm....
Next by Date: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Prev by thread: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Next by thread: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Index(es):
- Date
- Thread