[29024] in Kerberos
Re: Heimdal KDC, Windows XP and local users
daemon@ATHENA.MIT.EDU (Volkmar Glauche)
Mon Jan 14 06:07:09 2008
From: Volkmar Glauche <volkmar.glauche@uniklinik-freiburg.de>
To: kerberos <kerberos@mit.edu>
In-Reply-To: <fm891j$2g39$1@relay.tomsk.ru>
Date: Mon, 14 Jan 2008 12:06:06 +0100
Message-Id: <1200308766.5134.26.camel@nz23161.ukl.uni-freiburg.de>
Mime-Version: 1.0
Reply-To: volkmar.glauche@uniklinik-freiburg.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Am Freitag, den 11.01.2008, 17:29 +0000 schrieb Victor Sudakov:
> Javier Palacios wrote:
> > > BTW what about Unix? Is there a way to automatically create a local
> > > user if a Kerberos principal successfully authenticates on the box?
> > > Oh well, it is not very useful after all, who in the world needs a
> > > Unix user with the same name and different uid on each box...
>
> > You know about NIS, so you know that you may have he same uid in
> > different boxes.
>
> Sure. But this again means the toil of maintaining two databases: the
> NIS map and the KDC database.
I think you will need two databases: one for kerberos credentials and
another one for account information. Kerberos does not tell you about a
user's home directory or shell...
> > And youger people who never heard about NIS do know
> > about nss-ldap.
>
> And again, why would we want two databases: LDAP and Kerberos?
>
> > And pam_mkhomedir cares about "local profile" creation.
>
> Oh yes, I use it on NIS clients.
> It is much better for my purposes than NFS-mounted homes.
>
--
Volkmar Glauche
Freiburg Brain Imaging
http://fbi.uniklinik-freiburg.de/
Phone +49(0)761 270-5331
Fax +49(0)761 270-5416
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
