Ühel ilusal päeval [20-03-2004 04:42] kirjutas Adrian 'Dagurashibanipal' von Bidder:
[...] > Server/network set up > - unix account management: I suspect NIS is not really an option in a > security conscious environment (just hearsay, though, I'll look at it). > Kerberos? With pam there should be no problem with integration. Others? For central account management LDAP seems to be good alternative. PAM and NSS have modules for that. There is link to one guide, which helped me a lot. http://homex.subnet.at/~max/ldap/index.php [...] > - authentication: I favor USB tokens (since ssh/pgp secret keys could be > stored there, too). $BOSS wants fingerprint auth. What solutions do exist (I > see there's an ITP out for libpam-usb. What about Linux-supported > fingerprinting systems? Laptops?) Here in Estonia we have this ID-card, which is actually a smartcard with a chip. This is mandatory for every citizen and it can be used for identification and digital signatures. Anyway, the point is, that such cards can be used for login authentications, the opensc project has PAM module for that. IMO the smartcards are better than fingerprint auth, since they can be used for other things also (digital signatures, encryption). http://www.opensc.org/ Juhan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
