On Wed, Mar 14, 2001 at 06:31:12PM -0800, Munir Nassar wrote:
> 
> here is the <music please> master plan:
> i would have a simbolic link of the "passwd" and the
> "shadow" file in the /home directory, i would then
> export the home directory and have it exported and
> mounted as /home on the workstations, on the
> workstation /etc/passwd and /etc/shadow would link to
> the links in the home directory, that way i only have
> to update passwd once and people get to see their
> stuff on any machine without have to "login" to a
> server AND be able to use these machines resources
> like floppy/cdrom/sound card etc
> 
> now you mentioned ipspoofin as a security risk, can i
> block against it? and what other concerns can you
> forsee? 

This would most likely cause problems when the system was
starting up. If the system does not have a valid passwd/shadow
until /home gets NFS mounted then it could cause some undefined
types of error during bootup. Anything that would attempt to
use a non root user like (ie sendmail, http, ...etc) could fail
or hang during boot. This may even affect the root user (i don't
know for sure). But I do know that if your NFS server becomes
unavailable all of your systems would mess up bad.

I would suggest NIS, if security isn't that big of an issue.

Otherwise, some type of ssh distribution may be in order. You
would have problems with this if people expected to be able
to change thier passwords on the clients, but depending on the
situation you may be able to come up with a workaround. Something
like changing passwords only on your distribution host or the
like.

Regards

					- Karl