unified authentication
Tillman Hodgson
tillman at seekingfire.com
Wed Sep 24 13:50:31 PDT 2003
On Wed, Sep 24, 2003 at 03:55:30PM -0400, Jesse Guardiani wrote:
> Well, I'm currently trying to decide between these then:
>
> Kerberos
> RADIUS
> LDAP (OpenLDAP only. I don't have a proprietary LDAP solution.)
> TACACS
> pam_smb, possibly.

These aren't necessarily mutually exclusive.

> I'm ruling out NIS/NIS+ because:
> --------------------------------
> 1.) I'd like something with decent cryptography built in. That's why I conceptually
> like Kerberos.
> 2.) AFAIK, no Cisco support.

NIS (for authorization info) with Kerberos 5 (for authentication)
provides decent cryptography and wide platform support. Cisco supports
Kerberos.

> Once I get authentication working, how do I handle
> the creation of home directories and basic user
> files across multiple machines?
>
> Do I need to start running NFS, or is there a more
> elegant solution?

OpenAFS, very elegant solution. Unfortunately, it doesn't work on
FreeBSD yet (or anymore as a client).

-T
--
The beauty of the democratic systems of thought control, as contrasted with
their clumsy totalitarian counterparts, is that they operate by subtly
establishing on a voluntary basis - aided by the force of nationalism and
media control by substantial interests - presuppositions that set the
limits of debate, rather than by imposing beliefs with a bludgeon.
- Noam Chomsky, _After the Cataclysm_