remote login

[coolnads]

hi,

i have a dedicated red hat 7.2 installed on a computer with all the servers and stuff...... what i want is that the two other of my pc's that are presently running on win, be made dual boot with linux as one of the partition , but the login etc should be handled by my dedicated pc.

to explain in detail at the login prompt the kernel shud check for passwords on the dedicated mac, and after the login the users should get loged ito the "REMOTE MACHINE", they should be accessing the files etc. saving stuff using aplications all from the remote machine.. nothing should be done on the machine from where ur logging from.

( the remote machine is the dedicated server )

i tried a crude method of writing the rlogin host -l user in the rc4.d file (of the dual boot mac)... this prompted user for a password at the run time on supplying the current password the user will be logged in the remote computer... this obviously was very crude and didnt solve the purpose .. hope u ppl could give me more ideas

the dedicated machine is actually a complete red hat install as a server... the other machines are yet to be partitioned (actully i did partition one mac)

[cgkanchi]

What you have to do is setup your server as either an NIS or a Kerberos server. Then when you install Red Hat, specify your servers IP as the Kerberos/NIS server and you're done. One thing to note, Kerberos is always better than NIS as NIS transmits passwords in plain text. Here you go http://www.redhat.com/docs/manuals/l...-kerberos.html
Cheers,
cgkanchi

[instronics]

I agree with cgkanchi, but..... in a security sense i believe that sharing the /etc/shadow over a network is highly unsecure. Its about security policies. Its a bad policy to share passwords over the network even if its encrypted. If you insist on using these methods, then i advise you to use STRONG PASSWORDS. Let the password be a mix of letters (small and capital), numbers, and chars. Easy way to remember it would be to think of a sentence and use the first or last letters if each word in that sentense. eg.

this is an example of a strong password

tiaeoasp

Then play with the caps a bit.

TiAeOaSp

Add some chars to it and numbers.

T.i.A.e.O.a.S.p.#2003

Thats not so hard to remember, and its a very strong password.

Always use strong passwords. Also try better encryptions than 3des. Try MD5 or so.

Back to the point, if you really really want to use NIS or kerberos, then atleast enforce a stron password policy, even better is not to share the password files or the password over the net.

I hope this helps you (mainly on setting up a security policy) for what you intend todo. Setting up a security policy applies for anything you want todo. Its not wrong to think paranoid. Its better to think paranoid.

I love to exagerate, but my box has never been rooted so far ( lol, atleast i hope so).

Good luck!!!

[slarty]

If I understand correctly, you're trying to make it such that the two machines share home directories and usernames/passwords.

On Unix, if you want to do this, you should have a trusted network. I say this, because there are no ubiquitous methods of doing this that use strong encryption all the way.

Assuming you have a trusted network (i.e. you are behind a firewall and have no untrusted users) then do the following:

- Your machines should have fixed IP addresses. This should not be a problem on a trusted network.
- Set up NFS: On the server machine (the one to hold the home directories), allow read/write access to /home by your other machine - you can do this by editing /etc/exports (read the man page)
- At boot time, the client machine should mount /home on the other machine. You can do this by editing its fstab (read the man page for that too)
- Create all users on both machines, ensuring that they have the same user ID and group IDs
- Users will have to maintain their own passwords in sync.

Why not use NIS or such like, I hear you ask? Well IMHO, it's far too bloody complicated to set up, particularly for such a small network.

If the number of machines * number of users is greater than, say about 20, use NIS, otherwise just use password files. Particularly if they are reasonably proficient users.

[coolnads]

i tried the NIS thing before but it didnt help a lot as i couldnt setup properly or somehing.
i ll follow slarty's advice and it seems that it just may work.

Thanx.

[cgkanchi]

The only reason to not try Slarty's method is if yyou want to learn something new. Otherwise, that's probably the best way to do it. You could even have a script that would add new accounts to all three comps when one is added to any one(or just the server).
Cheers,
cgkanchi