File: lg_answer24.html

package info (click to toggle)
lg-issue24 4-2
links: PTS
area: main
in suites: potato
size: 1,720 kB
ctags: 130
sloc: sh: 48; makefile: 37
file content (709 lines) | stat: -rw-r--r-- 28,183 bytes
parent folder | download | duplicates (2)
<!--startcut =======================================================  -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> 
<html>
<head>
<title>The Answer Guy Issue 24</title>
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<!--endcut =========================================================  -->
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <HR> <P> 

<!-- ===============================================================  -->
<center>
<H1><A NAME="answer">
<img src="../gx/ans.gif" alt="" border=0 align=middle>
The Answer Guy
<img src="../gx/ans.gif" alt="" border=0 align=middle>
</A></H1> <BR>
<H4>By James T. Dennis,
<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR> 
Starshine Technical Services, <A HREF="http://www.starshine.org/">
http://www.starshine.org/</A> </H4> 
</center>

<p><HR><p>
<H3>Contents:</H3>
<ul>
<li><a HREF="./lg_answer24.html#net1">Netscape Mail Crashing</a>
<li><a HREF="./lg_answer24.html#slack">Slackware Help</a>
<li><a HREF="./lg_answer24.html#net2">Netscape /var/spool/USER </a>
<li><a HREF="./lg_answer24.html#virtual">Getting Rid of Virtual Screens</a>
<li><a HREF="./lg_answer24.html#diald">diald's niche</a>
<li><a HREF="./lg_answer24.html#redh1">Upgrade to Red Hat 5.0?</a>
<li><a HREF="./lg_answer24.html#redh2">Red Hat Linux and WABI and other things</a>
<li><a HREF="./lg_answer24.html#pdt">Linux as a PDT</a>
</ul>

<p><HR><p> 
<!--================================================================-->

<a name="net1"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Netscape Mail Crashing 
</H3>
<P> <B> 
From: Jim Kelley, <A
HREF="mailto:the-jim@swbell.net">the-jim@swbell.net</A><BR>
</B> <P> <B> 
I've been running Netscape Communicator 4.04 on my RedHat Linux system
since the day it came out and yesterday it started crashing whenever I
check for new messeges or try to go to a newsgroup.  I've deleted NC4.04
and re-installed it but to no avail.
Any suggestions?
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	When you removed NC4.04 (which I didn't know had been released
	yet -- I'm still using 4.03) did you also remove your ~/.netscape
	directory tree?
<P>
	What happens if you try it from another account on the same 
	system? What happens if you use different e-mail and newsreaders?
	(elm, pine, emacs' mh-e and/or tin, nn, trn, or emacs' Gnus 
	for respective examples).
<P>
	I would suspect a data or configuration file corruption.  Many
	programming practices that I most loathe and detest have to do
	with a lack of robustness and simple error messages with regard
	to corrupted input.  Is it really that hard to have a switch 
	that logs each input source like:  "Reading configuration from
	~/.netscape/foorc....." and "Bounds error at ~/.netscape/bar.conf
	offset 0x2AFF9A77"?
	
	I haven't looked at the innards of NS Comm's data files -- I
	wouldn't use their mail and newsreaders since I'm very 
	particular about my mail and netnews -- and I need extensible,
	configurable, text mode capable systems (so I use emacs' mh-e and
	Gnus).
<P>
--Jim 
			   
<p><HR><p> 
<!--================================================================-->

<a name="slack"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Slackware Help
</H3>
<P> <B> 
From: Ralph, <A HREF="mailto:RPMAXEDGE@aol.com">RPMAXEDGE@aol.com</A>
</B> <P> <B> 
HELP!!!!!!!!!!!!!<BR> 
Recently I installed Linux Slackware version 3.2, everything loaded fine, but
I really run into problems when I set up the password for the root, for some
reason the one i register doesn't allow me to log in.  I have problems on how
to mount the /root and remove the existing password from the /etc/shadow.  I
install linux with partitions for a SCSI hardrive sda1 sda2.
 I would really appreciate some few hints to solve this problem.. Thank YOU
VERY MUCH.                                            
</B> <P> <B> 
--Ralph
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	I haven't used any of the newer Slackware systems -- so I don't know
	if there's anything specific to their system that would contribute
	to or cause this problem.
<P>
	The general way to fix this sort of problem (lost root password) is
	to boot from a rescue diskette (or from an "alternate root partition")
	mount your normal root partition (let's you put it under /mnt/oldroot)
	and then simply edit the mnt/oldroot/etc/passwd file -- and maybe the
	corresponding shadow file).
<P>
	Another trick is to use the chroot command instead of editing the 
	passwd files directly.  Basically you can follow the mount with
	a command sequence like:
<PRE>
		cd /mnt/oldroot/ && usr/sbin/chroot . bin/sh 
</PRE>
	... and then:
<PRE>
		passwd 
</PRE>
	(allows you to use the normal passwd command -- and forces it to 
	update the passwd files *under* the (chroot)/etc directory rather
	than the one of the root diskette or the alternative root part).
<P>
	A properly maintained alternative root partition should have 
	extra copies (mirrors) of the whole /etc directory from your
	production root partition.  This makes recovery from errors
	*much* easier.  On some systems you may be able to use a
	removable drive (LS120, Zip, Jaz, magneto-optical, Bernouli,
	Syquest, DynaMO, whatever) as your alternative root system.
<P>
-- Jim

<p><HR><p> 
<!--================================================================-->

<a name="net2"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Netscape /var/spool/USER 
</H3>
<P> <B> 
From: John Liebenrood, <A
HREF="mailto:k7ro@teleport.com">k7ro@teleport.com</A> 
</B> <P> <B> 
I'm running Redhat 4.2 with Netscape 3.01. I can
send mail fine but I can't receive mail.  I don't understand
how to configure my /var/spool/USER.  I've used chown mail.mail
and chmod 01777 on USER file. But still can't get mail to come
in...  
    all talk no listen
</B> <P> <B> 
--john
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	Do you have a POP account?  Are you trying to 
	read you mail from the localhost?  Where is your 
	localhost supposed to get it's mail from?
<P>
	Normally 'sendmail' (or smail, deliver, or procmail) 
	appends messages to your spool file.  'sendmail' gets
	your mail via SMTP or from your UUCP system (depending
	on your configuration and your ISP/account type).  
<P>
	There are a bunch of factors that anyone would need to
	know before answering your question.
<P>
	Netscape is normally configured to fetch mail via the
	POP protocol and to send it directly via SMTP.  If your
	system is already configured to send and recieve mail 
	(i.e. you can use other mail user agents (MUA's) like
	elm, pine, mh, etc) then you should be able to configure
	Netscape to use "localhost" (the loopback interface --
	internal to your own system).
<P>
	Personally I won't use NS Nav. (or Comm.) as a mail or
	news client.  I absolutely require a text mode interface
<P>
-- Jim

<p><HR><p> 
<!--================================================================-->

<a name="virtual"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Getting Rid of Virtual Screen
</H3>
<P> <B> 
From: <A HREF="mailto:bmiles@intergate.bc.ca">bmiles@intergate.bc.ca</A>
</B> <P> <B> 
Hi, how do i get rid of the virtual screen under x windows, it's bloody
annoying!! I've tried disabling it under install and I've even tried
resetting my resolution size, please help!!!
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	Assuming you're using XFree86 you'd edit your XF86Config file
	(which might be /etc/X11/XF86Config or might be something more
	like /usr/X11R6/lib/.... or something).
<P>
	Find the Screen section for the device driver and mode you're
	using, look for the display subsection that applies you your
	monitor and modify the "Virtual" line thereunder.
<P>
	If you've tried that (if that's what you mean by "resetting my
	resolution" or "disabling it under install") than it's possible
	that you're using a different X Server than I think you are
	(Xig, or Metro-X or something) or that your installation or 
	distribution is using a config file in a different location
	than you think it is.
<P>
	The man pages for 'X', 'startx' and 'xinit' may help -- in 
	particular the XFree86 servers allow you to specify an option
	of -xf86config file -- which allows you to explicitly over-ride
	the system wide configuration (and is a great reason for 
	security concscious sysadmins to limit the execution of X to 
	some trusted local users -- and maybe use xdm).
<P>
	I found this option in XFree86(1) (that's the XFree86 man page
	in chapter one on my man pages).  Don't confuse it with the 
	-config option referred to in the XServer(1) man page.  That
	option just says that more *command-line options* are stored
	in a file.  The XServer man page refers to options and 
	configuration information that should apply to any Unix X
	Windows display server.  The XFree86(1) page refers to the
	extensions which apply to the servers written as part of the
	XFree86 project.  The various XF86_* man pages refer to the
	features that are specific to specific servers (that is the
	ones which are compiled for a given video card or chipset).
<P>
	You're only running one binary -- yet three man pages apply
	to whichever one you're using.  This is unnecessarily confusing
	-- and one of the books I've perused (on Unix, X, or Linux) 
	cover this sort of thing.  So you have to wander through lots
	of different man pages and /usr/doc/* files without a clear
	roadmap.
<P>
	I'm hoping that some future distribution (maybe the Red Hat
	5.0 that's supposed to be shipping in the next couple of 
	weeks, or the next Debian) will have a really good set of
	HTML (lynx clean!) documents, served by default off of the
	initial localhost webserver which takes a top down, organized
	approach to educating and informing us about all the power and
	choices we have in Linux.
<P>
-- Jim

<p><HR><p> 
<!--================================================================-->

<a name="diald"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
diald's Niche
</H3>
<P> <B> 
From: Pollywog, <A
HREF="mailto:caldera-users@rim.caldera.com">caldera-users@rim.caldera.com
</A> 
</B> <P> <B> 
Put it anywhere you'd like.  The .rpm version installs into defined
sub-directories, but keep the .rpm file anywhere you like.  I have
/usr/local/packages for tarballs and .rpms....
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	I recommend that SA's use a /usr/local/from directory
	tree.  You can then have a set of directories named
	after your favorite FTP and web sites and after the
	volume names of your favorite CD's.  
<P>
	When you download/fetch a file -- put it into a directory
	that reminds you where you got it from such as:
<P>
		/usr/local/from/sunsite/
		/usr/local/from/redhat/
		/usr/local/from/ftp.replay.com/
<P>
	... etc.
<P>
	Now when you want to upgrade a package you can see where
	you got the previous version from -- and consequently you
	have a headstart on where to look for upgrades.
<P>
	This technique is also handy if you read an alert about a
	compromised (trojan) package -- you can easily see where
	*you* got your copy from.
<P>
	For files you install off of the CD -- create a directory
	name that reminds of you which CD it is like:
<P>
		/usr/local/from/cd/MOP/		(Mother of Perl)
		/usr/local/from/cd/rharchive.fall97/
<P>
	... etc.
<P>
	Now you just put symlinks from that directory to your usual
	CD-ROM mount point (ln -s /mnt/cdrom/dir/foo  foo).
<P>
	This creates a tree of "broken" links -- but it tells you 
	where to find the source file if/when you need to rebuild.
<P>
	As you can probably see this technique is really a "poor
	man's HSM" (hierarchial storage management system).  You can
	also extend this idea to migrated data files from your home
	directories to removable media (such as Zip, Syquest, MO,
	and CDR devices).
<P>
	It's also a very handy form of self-documentation in businesses
	where you may have many sysadmins or you may have various 
	consultants "stomping" around on your systems.
<P>
-- Jim 

<p><HR><p> 
<!--================================================================-->

<a name="redh1"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Upgrade to Red Hat 5.0? 
</H3>
<P> <B> 
From: Jason Welsh, <A HREF="mailto:jwelsh@mci.net">jwelsh@mci.net</A>
</B> <P> <B> 
hey, im running an older 4.something version of Red Hat and was
wondering if I just wanted to upgrade it to 5.0, do I need to
download certain RPMS or do I need to get the whole thing?
or get it on CD.. just curious if there was a shortcut I could 
take..
</B> <P> <B> 
--Jason.
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	I would get the CD (in fact I did -- but I haven't 
	run the upgrade yet -- want to finish some work and
	do an extra backup first).
<P>
	CD's save lots of bandwidth and save lots of time.
<P>
	If you don't need the commercial packages that come
	with Red Hat (the BRU and Metro-X) you can wait a 
	month or so for the "Archives" set to come out --
	which is about $20 (less than half the full version).
<P>
-- Jim

<p><HR><p> 
<!--================================================================-->

<a name="redh2"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Red Hat Linux and WABI and other things
</H3>
<P> <B> 
From: <A
HREF="mailto: peter@trimatrix.net">peter@trimatrix.net</A> 
</B> <P> <B> 
I have RedHat Linux v5.0 (kernal 2.x) ($49) and (silly me)
found out that Caldera OpenLinux Standard ($399) supports
WABI for Windows 3.1 apps, FreeDOS (or is it DOSEMU??) for
DOS apps, and NetWare 3.x/4.x client supporting NDS (Network
Directory Services).
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	WABI/Linux (a.k.a the Windows 3.1 Applications Binary
	Interface) is available separately from Caldera.  It 
	is a commercial package -- and it should install on
	most Linux systems without much trouble.
<P>
	There's also WINE ("WINdows Emulation" or "WINE is not 
	Emulation" -- take your pick of acronym expansion).
	This is a freeware project to implement enough support
	for the lower level Windows API's to allow Linux (and 
	other Unix) users to install MS-Windows and run Windows 
	programs.
<P>
	I've heard that it is also possible to run Windows 3.1 
	in "standard mode" under DOSEMU/MS-DOS.  I'm not sure if
	that works under other DOS variants running under DOSEMU.
<P>
	OpenDOS is Caldera's release of "Novell DOS" (which
	was formerly "DR DOS" -- from Digital Research).  
	Caldera aquired the licenses and rights to Novell DOS
	when Novell decided to "refocus on its 'core' markets"
	(and practically gutted itself in the process).  In 
	fact Caldera's "Network Desktop" (their distribution that
	preceded the OpenLinux/Base and OpenLinux/Standard) was
	originally a research project at Novell.
<P>
	OpenDOS is partially commercial -- it is free for personal
	use (or for students, or something like that -- read their
	web pages for details).  It has little to do with DOSEMU.
	OpenDOS is available on CD for about $30(US).  
<P>
	DOSEMU is really a bit of a misnomer.  Technically it's
	a BIOS emulator which can be used to run any x86 "real mode"
	operating system (such as CP/M-86 or some versions of Forth).
	When you install DOSEMU you also have to install some copy of
	DOS (MS-DOS, PC-DOS, OpenDOS, whatever) to get any practical
	use out of it.  DOSEMU includes several DOS programs which
	connect to the underlying Linux system.  This allows one to 
	access Linux directories and NFS mounts as DOS "network" 
	drive letters, and do other things like that.
<P>
	FreeDOS is a different project -- you can learn more about 
	it at http://www.freedos.org.  They are quite Linux friendly
	-- but I haven't played with their release (and I've barely
	touched DOSEMU or Caldera's OpenDOS) so I can't say much about
	it.
<P>
	Regarding Netware access from Linux:
<P>
	Caldera's Netware client access (with bindery and NDS support)
	is only available as part of their OpenLinux Standard (as far as
	I know).  I've heard that some people have successfully installed
	the clients on other Linux distributions.  However it appears 
	that you are legally required to purchase the commercial 
	COL/Standard (Caldera OpenLinux is often called COL by participants
	of it's mailing lists).
<P>
	There are also a couple of free packages that implement some
	Netware protocols for Linux.  'ncpfs' is one that allows you 
	to 'mount' Netware partitions in a way that similar to NFS.
	This is a system-wide mount (unlike the Caldera netware clients
	where each user has unique "virtual" mountings that are not
	visible from other concurrent processes on the system.  
<P>
	There's also the mars_nwe (Netware emulator) that implements 
	a subset of the Netware fileserver protocols -- allowing DOS 
	and other systems to access portions of your Linux 
	filesystem(s) using the Netware clients (similar to 'samba' 
	for Windows for Workgroups/LANMan/NT functionality).
<P> <B>  
<img align=bottom alt=" " src="../gx/ques.gif">
I would like to know if this support can be added to RedHat
Linux by downloading this stuff from somewhere, and recompiling
the kernel?  Can you help?  I'm new to RedHat and have not 
yet gotten an answer from them.... If not, can you direct me
to where I can inquire? This is a quest to make use of our
486 computers at work (and just need to know) by running
Linux, and still support some things like Windows 3.1x Lotus Lotsuite,
etc., which Caldera claims to do, but I would like
to find out how much trouble it would be to add support to
Redhat.....
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	In general, anything you can run under Caldera you 
	can get to run under Red Hat or any other reasonably
	recent Linux distribution.
<P>
	Since Caldera, Red Hat, Craftworks, and a couple of 
	other Linux distributions use the same package 
	management system (the RPM -- or "Red Hat Package
	Manager") sharing packages among them is somewhat
	simpler than installing a Debian package or Slackware
	"tarball" would be.
<P>
	I'd look at any FTP mirror of Red Hat's "contrib" 
	directory for the lastest dosemu "rpm" and install
	that.  You'll probably find one of these on your set
	of Red Hat CD's in addition to the ones online.
	You can check the online directory for updates and
	recent additions.
<P>
-- Jim

<p><HR><p> 
<!--================================================================-->

<a name="pdt"></a>
<H3><img align=bottom alt=" " src="../gx/ques.gif">
Linux as a PDT 
</H3>
<P> <B> 
From: Karl Rossing, <A HREF="mailto:gtivr6@pangea.ca">gtivr6@pangea.ca</A> 
</B> <P> <B> 
Linux as a PDC (Primary Domain Controller), NIS/NIS+ Master -- etc.
</B> <P> <B> 
I was wondering if it is possble to get windows 95/NT to authenticate
to LINUX (using nis or nis+). I'm really getting tired of adding
accounts on the nt boxes for the linux boxes(for smb)...Is there any
commercial software availible? 
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	It sounds like you're asking fundamentally different 
	questions here.
<P>
	In your subject you refer to using Linux as a PDT
	by which I presume you meant a PDC (Primary Domain
	Controller).  Here you refer to using NIS/NIS+ --
	which would involve adding client support (third party
	software) to all of the NT/'95 boxes.
<P>
	A broader questions is:
<P>
		What network authentication and directory 
		services system/model/architecture should
		you use?
<P>
	This is a sticky question with no easy answer.  
<P>
	A simpler question is:
<P>
		How can I configure my MS client machines
		(NT and '95) to use my Linux system's 
		account information for access control and
		authentication?
<P>
<P>
	I'll provide some thoughts on each of these questions
	after commenting on the rest of your message:
<P> <B>  
<img align=bottom alt=" " src="../gx/ques.gif">
I know of p-sync [http://www.m-tech.ab.ca/psynch/index.html]
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	I glanced at their web pages and was not impressed.
	They have almost no text and are almost completely 
	unreadable for Lynx users.  They also don't offer
	any functionality in their demo -- which is just a 
	mockup of the GUI (crippleware).
<P> <B>  
<img align=bottom alt=" " src="../gx/ques.gif">
and NSGINA
[http://www.dcs.qmw.ac.uk/~williams/]
which seems a bit of work to setup...
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	That would "NISGINA"  This is by Nigel Williams -- apparently
	derived from work by Doug Scoular(*). It is apparently released
	under a BSD'ish license.  So this is much more promising than
	the p-sync package right off the bat.
<P>
	* (http://www.arch.usyd.edu.au/~doug/gina.html)
<P>
	GINA (graphical identification and authentication) is the 
	NT DLL that manage logins at the NT console -- there are 
	several different GINA's -- one from Novell for NDS, one 
	from MIT for Kerberos, another similar one for NT-AFS
	(Transarc's distributed filesystem -- which uses a 
	Kerberos 4 authentication model) etc.
	
	Here are some related URLS:
<P>
NT GINA related information:
http://web.mit.edu/cartel/ntgina.html
	-- very informative -- leads to all the rest that I found.
<P>
ND_GINA - An alternative authentication method for Windows NTr,
http://www.nd.edu/~dobbins/ntarch/nd_gina_doc.html
<P>
NT/UNIX Integration with Doug's GINA replacement,
http://www.arch.usyd.edu.au/~doug/gina.html
<P>
	The problem with GINA is that it doesn't appear to be
	available for '95 (or earlier versions of Windows or 
	DOS).  That may be a show stopper for for this approach
<P>
	I can't recommend in good faith that you upgrade
	you Win '95 systems to NT (since that just buys you 
	in further to this proprietary OS model -- and just 
	worsens your dilemma when '98 and NT 5.x ship).
<P> <B>  
<img align=bottom alt=" " src="../gx/ques.gif">
I'm not really looking for passwd syncronisation, i'd like to
consolidate it to the linux box, because the users use both linux/95/nt.
nuff said, thanks.
</B> <P> 
<img align=bottom alt=" " src="../gx/ans2.gif">
	I don't think nearly 'nuff's been said about this topic.
	There are a large number of directory service and 
	authentication methods that are vying for control of your
	network.  Each as its own security implications -- making
	them co-exist is difficult from the start, and a 
	constant drain on administrative time and resources -- and
	having them running concurrently usually means that the
	weakest link prevails in your security model.
<P>
	There's an excellent white paper about this at Cygnus
	Solutions:
<P>
		http://www.cygnus.com/product/unifying-security.html
<P>
	That aside, some of your choices are:
<ul>
<li>Microsoft's WINS (and its PDC/BDC domain model)
<li>Kerberos and Cygnus Kerbnet
<li>NIS/NIS+ 
<li>RADIUS/TACACS 
<li>LDAP (lightweight directory access protocol)
<li>Netware NDS, Banyan StreetTalk, etc.
<li>Host based security -- custom synchronization
<li>scripts.
</ul>
	So far I don't like any of them.  NIS/NIS+ is usually
	used with NFS.  Kerberos is the models that's used 
	in conjunction with AFS/DFS (and CODA if they ever
	finish it).  CIFS/SMB filesharing can be done with 
	very weak authentication (workgroups style) or with
	the WINS Microsoft model.
<P>
	Overall I think I'll like CODA best when we have a 
	reasonably Linux server and client for it.
<P>
	More more info on the CODA project at CMU browse 
	through their mailling list archives at:
<P>
		http://www.coda.cs.cmu.edu/maillists/linux-coda/0175.html
<P>
	I could rant for sometime about the security models of 
	the various network/shared filesystems -- but it's late
	so let it suffice to say I like that even less than the
	choices for DS and authentication.  So far I think I like
	TCFS (transparent cryptographic filesystem) the best for
	security -- though I'm quite concerned about its performance
	costs.
<P>
	I presume you're using Samba on your Linux server(s) to
	provide file services to your Windows clients.  From a 
	glance at the Samba Meta-FAQ and some of its other pages
	it looks like you could just let Linux/Samba manage the 
	accounts for your whole network.
<P>
	Here's some links that relate to that:
<P>
	Samba: User accounts
	http://samba.anu.edu.au/samba/docs/smb_serv/html/smb_se-4.html#ss4.1
<P>
	Samba Server HOWTO
	http://samba.anu.edu.au/samba/docs/smb_serv/html/smb_se.html
<P>
	(*Note: if I read this correctly -- Samba can't currently 
	 be a "password server."  This seems to mean that it can't
	 act as a PDC/BDC (backup domain controller) for NT systems
	 to refer client authentication requests through).
<P>
	It looks like the future will hold some sort of LDAP and
	Kerberos -- for NT and many other OS' and packages.  This 
	would be fine -- if it weren't for the inevitable politicking
	and kneebiting that the various commercial vendors are going
	to do.
<P>
	The problem is that everyone's version of LDAP (directory
	services) and Kerberos (authentication) will be just 
	different enough that each vendor's OS will just *need* to
	be *the* server for *their* domain.  They'll all make 
	press releases about their "interoperability" -- and most
	will refuse to release enough details about their "extensions"
	for any other vendor (or freeware programmers) to implement
	them elsewhere.
<P>
	I guess it will take a few years after the initial deployment
	for enough of this proprietary info to leak out (and/or be
	reverse engineered) to allow system administrators to actually
	have any semblance of a unified directory service and 
	authentication system.  The bugs and security problems will 
	probably keep popping up for a long time after that (they've
	been popping up in Unix for 27 years -- and many of them are
	reappearing in NT now).  
<P>
	Meanwhile we're going to see a continuing explosion of
	servers and network applications (client server systems)
	that each require different user account (with associated 
	group, token, and other information) and authentication 
	information.
<P>
	Worse yet, the various layers of management above us
	are already hearing the marketeers lies -- that the 
	solutions are "already shipping" or "just around the
	corner."  This is just what management wants to hear
	-- so many of them are believing it -- and planning their
	budgets and project schedules accordingly.   A system
	administration disaster in the making.
<P>
	Sorry I can't offer a brighter hope for the new year --
	but I'm no marketeer.   
<P>
-- Jim

<!--================================================================-->
<P> <HR> <P> 
<center><H4>Previous "Answer Guy" Columns</H4></center>
<P>
<A HREF="../issue13/answer.html">Answer Guy #1, January 1997</A><BR>
<A HREF="../issue14/answer.html">Answer Guy #2, February 1997</A><br>
<A HREF="../issue15/answer.html">Answer Guy #3, March 1997</A><br>
<A HREF="../issue16/answer.html">Answer Guy #4, April 1997</A><br>
<A HREF="../issue17/answer.html">Answer Guy #5, May 1997</A><br>
<A HREF="../issue18/lg_answer18.html">Answer Guy #6, June 1997</A><br>
<A HREF="../issue19/lg_answer19.html">Answer Guy #7, July 1997</A><br>
<A HREF="../issue20/lg_answer20.html">Answer Guy #8, August 1997</A><br>
<A HREF="../issue21/lg_answer21.html">Answer Guy #9, September 1997</A><br>
<A HREF="../issue22/lg_answer22.html">Answer Guy #10, October 1997</A><br>
<A HREF="../issue23/lg_answer23.html">Answer Guy #11, December 1997</A>
<P><HR><P>
<center><H5>Copyright &copy; 1998, James T. Dennis <BR> 
Published in Issue 24 of the Linux Gazette January 1998</H5></center>
<P> <HR> <P> 
<!--================================================================-->
<A HREF="./lg_toc24.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF 
CONTENTS ]"></A> <A HREF="../index.html"><IMG SRC="../gx/homenew.gif" 
ALT="[ FRONT PAGE ]"></A> 
<A HREF="lg_bytes24.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
<A HREF="./nielsen.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<!--startcut =======================================================  -->
</body> 
</html>
<!--endcut =========================================================  -->