On Thu, Nov 02, 2006 at 02:50:32PM -0500, Gabriel Somlo wrote: > Assume a large-ish site, with distributed machine ownership/control. We > control some, but some other groups control some other machines. We want This probably isn't the best list for this. But a quick answer to some of your questions: > - NIS/YP allows this, but can we use it for authorization w/o the > authentication bit, for which it was insecure last time I looked Yes. You can use NIS for accounts with kerberos passwords. > - can we get LDAP to behave like this (I have no real experience > with LDAP, so kindly point me to the appropriate HowTo) :) Be very aware that the "L" in LDAP is a relative term compared to the X.500 standard. In absolute terms, it's ridiculous. Particularly, OpenLDAP is an administrative nightmare. Fedora Directory server may be better. > 3. Network file system (AFS? NFS? SMB? other?) We need to: > - map to unix perms (ugo/rwx) (AFS doesn't do this, does it?) You do not want to start a new AFS installation. Period. Not only does AFS not do this, it's got a whole host of other problems. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- Fedora-config-list mailing list Fedora-config-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-config-list