[CUBE] How do I set up Local Network password? Thanks for the Help.

[atoa at krak.net]

On Wed, 24 Mar 2004, J.C. Webber III wrote:

> Allan Hise wrote:
> > J.C. Webber III wrote:
> > >atoa at krak.net wrote:
> > >>
> > >> NO! You don't. You still don't get it. You can log into your "server
> > box"
> > >> from practically any computer connected to the lan, even if in Baghdad
> > >> assuming an internet connection, with the same user/pass. You don't
> > need
> > >> to create a separate user/pass for every computer that wants to
> > connect.
> > >>
> > >
> > >Yes you do.
> > >
> > >It can be the *same* username and password, but the server box needs
> > >to know who you are.
> > >
> >
> > I'm with atoa on this one.
> > All you need is acces rights ON THE SERVER.
> > I can log in to the server with my cube or with my ibook or any other
> > machine I feel like using the account I have ON THE SERVER. The whole
> > point is that it does not matter where I log in from, because I have
> > access rights ON THE SERVER.
>
> Well, then I must not have done a very good job describing it because
> I agree with your description, too, and I thought that was what I tried
> to say.

Let's see, you agree with him, and he agrees with me, so you finally agree
with me?
>
> I tried to make the point that you needed an account on both the
> client machine and the SERVER.
>
> Obviously you must have an account on the client or you couldn't
> be trying to connect from there.  I tried to make the point that

This isn't exactly true.  If I'm running an OS that isn't a multi-user OS,
it has no concept of "account", so it can't really be said that I have an
"account" on it. This may seem to be a quibble, but in thinking about it I
think I have discovered why this thread has gone on as long as it has,
when it really concerns very basic stuff. Those who understand this stuff
may stop now.

When I connect to a server, I don't need to have an account on it, I
merely need to have _access_ to an account on it. That access is usually
provided by supplying a username/password. (I'm leaving aside services
such as http, for which merely identifying as a client able to
access the service is usually sufficient.)

Again, this may seem like a quibble, but it enables me to log into my
sister's computer in DC with her username/password, and troubleshoot
stuff. I'm not "pretending" to be my sister, I'm merely logging into her
account. "I" don't need an account, because I have access to hers.

Put another way, so long as I have access to an account on a server, I can
connect to that server from any other computer, generally speaking,
without identifying who I really am, what computer I'm connecting from, or
what I had for breakfast.

To specifics: Let's say I have 7 computers on my lan, in 5 different
rooms. One is my brother's personal box, one my sister's, one my father's,
one my mother's, and 3 are mine. All are running OSX (though the
principles are the same for other multi-user OS's). Each computer
has a distinct name (not essential, but very very helpful when there are
more than two computers on the lan). Each of them has two user accounts,
the "owner" and an account I've created for my use in administration.

>From _any_ box on the lan, I can connect to _any_ other box, either to the
admin account, or (since I know the username/pass of the "owner" - or can
readily change the password) as the "owner".

I have different names for the admin accounts. The admin account on the
box named Pluto is Pluto1, and so on. Some folks I know prefer to use a
common name on all boxes. But in either case the passwords should  _NOT_
the same. Security 101 says not to use shared passwords, as does common
sense (if one account is compromised, they all very soon will be).

My brother, on the other hand, cannot connect (except as a guest, if that
is enabled) to any of the other computers because he doesn't know the
passwords for any of the accounts on any of them. But if he sits down at his
sister's up and running computer, he can access his computer upstairs,
because he knows the username/password of the "owner" (himself) on it.

In practice, all of us have a public dropbox enabled and mounted for each
of the other boxes (I know people who email photos via the internet to
others on their lan, because they don't know any better).

Things can be a lot more complicated than described above, especially when
you start using groups of users, but the basics are pretty
straightforward. I would have said intuitive, but I guess they aren't.
Maybe I've been working with this stuff so long that it just seems to be
intuitive.

Sorry to have bored you all, but I did warn you. By the way, none of the
above is true, though it could be. I have more than 7 boxes on my LAN,
only two (or is it three?) are running OSX and they are all mine!

<snip>