kerberos

Before reading further... Are you looking for great Linux hosting from a company that cares about GNU/Linux? Pick Dreamhost hosting, get a 10% bonus to the disk space (and support Free Software Magazine in the meantime!)

Kerberos, final bits

Write a full post in response to this!

Two weeks ago, I explained how to set up a Kerberos realm; and last week, I went on to describe how to actually do something useful with it by doing Kerberized NFS. But there’s so much more interesting stuff that can be done with Kerberos, and it would be a shame to ignore those.

GSSAPI, SASL, and negotiation

Securing NFS

Write a full post in response to this!

NFS is a network protocol with which many UNIX-administrators have a love/hate relationship. On the one hand, it’s the ideal protocol if you need to export a filesystem from a UNIX-like system. On the other, it has a bit of a reputation of being insecure. Since a rogue system can just tell an NFS server that “hey, I’m representing a user with UID 1000, please remove all the files in my home directory”, this reputation may not be totally undeserved.

Or is it?

Authenticating on the network

Write a full post in response to this!

Usually, I get annoyed at having to authenticate myself to each and every service I set up; after all, my passwords are the same everywhere, since I make sure of that myself. On Windows, I wouldn’t have to do that; once I log in, Windows is able to communicate credentials to each and every service that asks for them. But something similar is impossible on GNU/Linux, right? Wrong.

Single sign-on