Mast Kalandar

bandar's colander of random jamun aur aam

Fri, 20 Jan 2006

< Getting suspend to work on the Thinkpad R51 | · | Some comments on the FOSS Initiative by PSA. >

Changing remote access rules

ccm, imsc, sysadmin [link] [comments ()] [raw]

For a long while now, remote access to the IMSc network has been through two machines.

As those who administer such services can imagine, managing access1 is quite complex. This is accentuated by the fact that it is outside a NAT firewall. Configuring RPC services like NIS and NFS across a firewall in a secure way when the NFS server is a Solaris machine --- luckily this was fully documented when it was done, or I wouldn't be able to re-create it!

Since we are switching ISP's as well, this seemed like a good time to combine the best features of both services. The older machines are kept on the old link (to be shut down on 1st February) and the new link has the new remote access machine.

This eliminates NIS passwords, NFS and at the same time gives "full service" to users. Detailed instructions for generating public-keys have also been provided. Unfortunately, some users don't see it that way.

This is not a sudden decision. Extensive discussions have taken place prior to this. Re-creating access1 just to accomodate some lazy and recalcitrant users of proprietary software is not my cup of tea. However, the latter statement is seen as a "threat".

For sticks-in-the-mud any change is a threat.


< January 2006 >
1 2 3 4 5 6 7
8 91011121314

2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1997, 1995,