Subject: Re: Centralized User and Password Management
To: None <netbsd-users@NetBSD.org>
From: Tillman Hodgson <tillman@seekingfire.com>
List: netbsd-users
Date: 11/24/2004 10:39:27
On Wed, Nov 24, 2004 at 07:43:22AM -0800, Ben Collver wrote:
> On Wed, Nov 24, 2004 at 07:51:34AM -0600, Tillman Hodgson wrote:
> > This gives a traditional "feeling" system that's very easy to set up and
> > maintain (NIS) and provides both single-sign-on and reasonable security
> > (Kerberos and IPsec).
> 
> The last time I tried to configure Kerberos, xdm and ssh would not
> authenticate against it.  This was inconvenient because I typically use
> these to log in.

OpenSSH can use GSSAPI, which works fine. You could also use kerberized
telnet (`telnet -x`) which provides data encryption as well as secure
authentication and is thus an equivalent for the most common use for
SSH.

Xdm works fine on systems that support PAM. I tend to use NetBSD on
architectures where I can't use X anyway (SGI O2, Microvax,
Sparcstation) so I haven't worried about the lack of PAM yet. It hasn't
been an issue with FreeBSD or RedHat on my faster x86 boxes that do use
X. Startx works wherever console logins work, of course.

-T


-- 
Thinking, and the methods by which thoughts are communicated, inevitably create 
a system permeated by illusions.
	- Zensunni Teaching