On Wed, Mar 14, 2001 at 06:31:12PM -0800, Munir Nassar wrote: > > here is the <music please> master plan: > i would have a simbolic link of the "passwd" and the > "shadow" file in the /home directory, i would then > export the home directory and have it exported and > mounted as /home on the workstations, on the > workstation /etc/passwd and /etc/shadow would link to > the links in the home directory, that way i only have > to update passwd once and people get to see their > stuff on any machine without have to "login" to a > server AND be able to use these machines resources > like floppy/cdrom/sound card etc > > now you mentioned ipspoofin as a security risk, can i > block against it? and what other concerns can you > forsee? This would most likely cause problems when the system was starting up. If the system does not have a valid passwd/shadow until /home gets NFS mounted then it could cause some undefined types of error during bootup. Anything that would attempt to use a non root user like (ie sendmail, http, ...etc) could fail or hang during boot. This may even affect the root user (i don't know for sure). But I do know that if your NFS server becomes unavailable all of your systems would mess up bad. I would suggest NIS, if security isn't that big of an issue. Otherwise, some type of ssh distribution may be in order. You would have problems with this if people expected to be able to change thier passwords on the clients, but depending on the situation you may be able to come up with a workaround. Something like changing passwords only on your distribution host or the like. Regards - Karl