[4654] in Kerberos
Re: Kerberos and /etc/passwd on a cluster
daemon@ATHENA.MIT.EDU (Steve Omand)
Tue Feb 21 09:44:12 1995
To: kerberos@MIT.EDU
Date: Tue, 21 Feb 95 09:18:39 EST
From: Steve Omand <omand@athena.tay.dec.com>
Ed,
Perhaps I can offer an idea...
We use Hesiod/DNS for providing /etc/passwd info to the login clients. This
is a part of the DECathena software which your university can probably get
for no additional license fee (if they subscribe to Digital's CSLG program).
You might also check with Iowa State University -- they run DECathena now
in a rather large configuration.
DECathena is the productization of the MIT Athena distributed computing
environment, so it is well proven -- MIT has been running continuously
since 1987. The login process is integrated with Hesiod and Kerberos (V4
currently); the complete /etc/passwd (minus the encrypted password) is
retreived from Hesiod and concatenated onto the /etc/passwd for the duration
of the login session.
DECathena V1.3 comes with AIX support, as well as Sun, ULTRIX, Alpha OSF/1,
and HP-UX unixes and PC (MS DOS/Windows) client.
Let me know if you'd like more info. I have a couple of postscript white
papers I can send you.
regards,
Steve Omand
______________
-> To: kerberos@MIT.EDU
-> Date: 20 Feb 1995 18:56:01 GMT
-> From: edhill@strobe.weeg.uiowa.edu (Ed Hill)
-> Message-Id: <EDHILL.95Feb20125601@strobe.weeg.uiowa.edu>
-> Organization: Weeg Computing Center, The University of Iowa
-> Sender: usenet@cam.ov.com
-> Subject: Kerberos and /etc/passwd on a cluster
->
->
-> We are setting up a cluster of machines(AIX boxes), and are trying to figure
-> out the best way to distribute /etc/passwd information across the nodes. We
-> don't want to use NIS because we want to keep shadow password functionality, so
-> the next step is to look towards kerberos, DCE, etc...
->
-> However, kerberos does not seem to provide the ability to keep a central
-> registry of /etc/passwd type information, it just provides the name and passwd
-> (and of course the protocols for authentication, etc...). DCE provides the
-> registry with account type information, but we are not quite ready to make the
-> jump to DCE yet.
->
-> How do other places keep /etc/passwd information (uids, home dirs, shells) in
-> sync across multiple machines that you are running kerberos on.
->
->
-> -Ed Hill (ed-hill@uiowa.edu)
-> Systems Programmer - Weeg Computing Center - The University of Iowa
-> "I am Homer of Borg, prepare to be assim... Ooooooooh donuts!"
