From owner-freebsd-isp Thu Feb 15 12:26:00 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA20048 for isp-outgoing; Thu, 15 Feb 1996 12:26:00 -0800 (PST)
Received: from okjunc.junction.net (michael@okjunc.junction.net [199.166.227.1]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA20039 for ; Thu, 15 Feb 1996 12:25:53 -0800 (PST)
Received: (from michael@localhost) by okjunc.junction.net (8.6.11/8.6.11) id MAA02944; Thu, 15 Feb 1996 12:32:40 -0800
Date: Thu, 15 Feb 1996 12:32:32 -0800 (PST)
From: Michael Dillon
X-Sender: michael@okjunc.junction.net
To: "Miguel A.L. Paraz"
cc: Andrew Webster , freebsd-isp@FreeBSD.org
Subject: Re: RADIUS
In-Reply-To: <199602150444.MAA08392@marikit.iphil.net>
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
Precedence: bulk

On Thu, 15 Feb 1996, Miguel A.L. Paraz wrote:

> Along this line, I previously asked for suggestions on good
> multiport cards to use for FreeBSD. I also plan to stick a
> sync serial board to make the system a one-box solution
> for ISPs.

Bad idea except for tiny startups or in-house corporate systems.

> I would appreciate advice on how to use such a system where
> user accounts are divided between different boxes. Would
> NIS/NIS+ do it? Or perhaps, a distributed RADIUS system
> like in the (complicated) Merit radiusd?

Start by making the FreeBSD terminal server into a terminal server. That
is to say, no accounts on it at all except root. Strip just about
everything out of /etc/inetd.conf. Make it so that a successful RADIUS
login either gives a PPP or SLIP session, or else it rlogins to another
box which is the shell/mail server and has the user accounts.

You can handle hundreds of shell accounts on one box. If they are only POP
email you can probably handle thousands. But you would not want to put
more than 32 lines on a single FreeBSD terminal server.

NIS is a bad idea since it has too many security holes.

Michael Dillon                                    Voice: +1-604-546-8022
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael@memra.com
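
An added example, not part of Michael Dillon's message: a POSIX shell check of a host against the terminal-server baseline described above (no login accounts except root, almost nothing enabled in /etc/inetd.conf). The function names, the allowed-service list, the shells treated as non-login, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit a terminal server baseline.

# Print the service name of every enabled (uncommented, non-blank) inetd.conf line.
enabled_inetd_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# Print accounts other than root whose shell (last colon-separated field) allows
# a login. Assumption: nologin, false and nonexistent mark non-login accounts;
# an empty shell field counts as login-capable because it defaults to /bin/sh.
login_accounts() {
    awk -F: '/^[ \t]*(#|$)/ { next }
             $1 != "root" && $NF !~ /\/(nologin|false|nonexistent)$/ { print $1 }' "$1"
}

# usage: audit_terminal_server INETD_CONF PASSWD "allowed services"
# Returns 0 only when no unexpected service and no extra login account is found.
audit_terminal_server() {
    rc=0
    for svc in $(enabled_inetd_services "$1"); do
        case " $3 " in
            *" $svc "*) ;;
            *) echo "inetd: unexpected service enabled: $svc"; rc=1 ;;
        esac
    done
    for acct in $(login_accounts "$2"); do
        echo "passwd: login-capable account besides root: $acct"; rc=1
    done
    return $rc
}

# Constructed sample files; the allowed list ("telnet") is the operator's choice.
demo_dir=$(mktemp -d)
cat > "$demo_dir/inetd.conf" <<'EOF'
#ftp    stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd -s
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/nonexistent
alice:*:1001:1001:Constructed user:/home/alice:/bin/sh
EOF
audit_terminal_server "$demo_dir/inetd.conf" "$demo_dir/passwd" "telnet" \
    || echo "baseline not met"
```

On the constructed files this flags the finger service and the alice account; pointing it at the real /etc/inetd.conf and /etc/passwd gives the same check on a live host.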