Coda File System

Re: Questions about authentication

From: Peter J. Braam <braam_at_cs.cmu.edu>
Date: Wed, 25 Nov 1998 10:16:28 -0500 (EST)

Hi Jordan,


On Tue, 24 Nov 1998, Jordan Mendelson wrote:

> I'm basically trying to rid myself of the NFS server and clients we have. We
> use NFS to distribute home directories around servers, so everyone can log
> in and have access to their own directory. Their home directories contain
> things such as public_html directories for hosting, etc.

Careful: Coda is experimental.  You can use it, but you must absolutely be
certain that you have good backups etc.

> 
> Is there a way that I can automatically have a user authenticate with the
> auth2 server when they log in? The problem is that they have to enter their
> password twice otherwise (once for system login, once for auth2 login). Not
> to mention that they have to enter it in every time their ticket expires
> (once an hour?)

The tickets expire every 25 hours.  A PAM module could do the job - that
shouldn't be so complicated to write (volunteers?).

> 
> I also have automated processes (web server) which must read those home
> directories and have access to the files (public_html).

You will have to tell clog to read the password from a protected file.

> 
> Right now I'm at the point where I have a server and client set up... I can
> mount the server, log in as 'coda'.. clog in as coda and play with files.
> 
> I also have the problem that auth2 has its own password file and isn't
> using the system database instead.

Auth2 can use a Kerberos password database.  Perhaps that is useful to
you, since that can give a system-wide password database (which is also
quite secure).

> 
> Maybe CODA isn't a good replacement for NFS in this case.

NFS has no security so that does "help" in making it simple.

Good luck, thanks for your interest in Coda.

- Peter -

> 
> 
> Jordan
> 
> --
> Jordan Mendelson     : http://jordy.wserv.com
> Web Services, Inc.   : http://www.wserv.com
> 
> 
Received on 1998-11-25 10:21:07
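
For the suggestion above that an automated process have clog read its password from a protected file, the sketch below is an added example, not code from the original message or from the Coda project. It refuses to use the file unless it is private to the calling account, then feeds it to a login command on stdin; the path, the account name and the way clog accepts a password on stdin are assumptions to check against the installed clog's manual, and `stat -c` assumes GNU stat on Linux.

```shell
#!/bin/sh
# Added example: gate a service account's token refresh on the password
# file being private. Path, account and login command are assumptions.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# calling user, with no group/other permission bits, and its directory
# is not writable by group/other (so the file cannot be swapped out).
secret_file_ok() {
    f=$1
    [ -L "$f" ] && { echo "refusing symlink: $f" >&2; return 1; }
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    owner=$(stat -c %u "$f") || return 1        # GNU stat (Linux)
    mode=$(stat -c %a "$f") || return 1
    [ "$owner" = "$(id -u)" ] || { echo "wrong owner: $f" >&2; return 1; }
    case $mode in
        [0-7]00) ;;                             # e.g. 600 or 400
        *) echo "mode $mode exposes $f to group/other" >&2; return 1 ;;
    esac
    dmode=$(stat -c %a "$(dirname "$f")") || return 1
    case $dmode in
        *[2367]|*[2367]?)
            echo "directory of $f is group/other writable" >&2; return 1 ;;
    esac
    return 0
}

# Run the given command with the password on stdin, so the secret never
# appears in argv (visible in ps) or in the environment.
login_from_file() {
    f=$1; shift
    secret_file_ok "$f" || return 1
    "$@" < "$f"
}

# Hypothetical use from a cron job, renewing before the token expires:
#   login_from_file /etc/coda/www.pw clog -pipe www
```
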