Re: passwords within a small LAN: how? (Linux Networking forums)

Jingleheimer <johnjacob@foobar.schmidt.com> wrote news:3F2A3857.4070706@foobar.schmidt.com:

> I'm building a LAN consisting of a few RH8 machines behind a firewall.
> I've set up a fileserver that exports its /home and /usr/local by NFS,
> and the client machines are able to read files from the server. But a
> user is not able to write files in his home directory because he
> essentially has a different account on each machine, even if he has the
> same password on each machine. What is a simple way to set this up? I
> mean can you tell me what man pages and howtos to read?

Using the "identd" daemon you could map user (uid & guid) from one host to the user. This is a way to have different uid on the client and the NFS server.

> I administered a Redhat LAN ca. 1995, and I simply rdist'd /etc/passwd
> from the fileserver to the clients, which worked fine. Would that work
> nowadays?

It should still work.

> I don't think it's enough for a user to have the same uid and password
> on all machines.

It should be enough to have the same uid on the NFS client and NFS server, as soon as the export is "rw", and you mount the export with the right login/pass.

> Tonight I NFS-mounted the server's /etc on the clients, then made the
> clients' /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow soft
> links to the corresponding files in the server's /etc, but I got a
> message like "incorrect login".

Regards

Antoine EMERIT wrote:

> Jingleheimer <johnjacob@foobar.schmidt.com> wrote news:3F2A3857.4070706@foobar.schmidt.com:

Thank you for your kind reply.

>>I'm building a LAN consisting of a few RH8 machines behind a firewall.
>>I've set up a fileserver that exports its /home and /usr/local by NFS,
>>and the client machines are able to read files from the server. But a
>>user is not able to write files in his home directory because he
>>essentially has a different account on each machine, even if he has the
>>same password on each machine. What is a simple way to set this up? I
>>mean can you tell me what man pages and howtos to read?
>
> Using the "identd" daemon you could map user (uid & guid) from one host
> to the user. This is a way to have different uid on the client and the
> NFS server.

I'm looking into that.

>>I administered a Redhat LAN ca. 1995, and I simply rdist'd /etc/passwd
>>from the fileserver to the clients, which worked fine. Would that work
>>nowadays?
>
> It should still work.
>
>>I don't think it's enough for a user to have the same uid and password
>>on all machines.
>
> It should be enough to have the same uid on the NFS client and NFS
> server, as soon as the export is "rw", and you mount the export with the
> right login/pass.

Yes---I find that it does work. But couldn't somebody set up a machine with the same uid and same login as a target user without knowing the password, then just connect to the network and access the target's files?

>>Tonight I NFS-mounted the server's /etc on the clients, then made the
>>clients' /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow soft
>>links to the corresponding files in the server's /etc, but I got a
>>message like "incorrect login".

It doesn't seem to make sense that the rdist method and the same-uid method work but this method doesn't. This link method doesn't even work when I make sure the uids are the same on both machines. Maybe there are other files involved?

> Regards

Jingleheimer <johnjacob@foobar.schmidt.com> wrote:

> It doesn't seem to make sense that the rdist method and the same-uid
> method work but this method doesn't. This link method doesn't even work
> when I make sure the uids are the same on both machines. Maybe there
> are other files involved?

I think that /etc/hosts.equiv is what you are looking for. See the manual page or info page for hosts.equiv.

AG
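
The uid matching this thread relies on can be checked before exporting /home. The following is an added example, not part of the original posts: it compares passwd data from the server and a client and reports logins whose uid/gid differ, and uids that belong to a different login on the server. The account names, the sample data and the `min_uid=500` cut-off are assumptions.

```python
"""Added example: compare passwd(5) data from an NFS server and a client."""

# Constructed sample data, not taken from the thread.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
carol:x:500:500::/home/carol:/bin/bash
"""

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, NIS "+" lines and anything malformed.
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def compare(server, client, min_uid=500):
    """Report client accounts whose numeric ids disagree with the server.

    min_uid=500 is an assumption: the first ordinary uid on Red Hat 8.
    """
    findings = []
    server_by_uid = {uid: name for name, (uid, _gid) in server.items()}
    for name, (uid, gid) in sorted(client.items()):
        if uid < min_uid:
            continue  # system accounts are out of scope here
        if name in server and server[name] != (uid, gid):
            # Same login, different numbers: the user does not own their files on the export.
            findings.append(("mismatch", name, server[name], (uid, gid)))
        owner = server_by_uid.get(uid)
        if owner is not None and owner != name:
            # Same number, different login: this user is treated as `owner` on the export.
            findings.append(("collision", name, owner, uid))
    return findings

if __name__ == "__main__":
    for finding in compare(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)):
        print(finding)
```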