Date: Tue, 9 Apr 2002 09:41:58 -0500
From: "Jacques A. Vidrine"
To: Benjamin Krueger
Cc: klik, "Douglas K. Rand", freebsd-security@freebsd.org
Subject: Re: Centralized authentication

On Sat, Apr 06, 2002 at 10:01:50PM -0800, Benjamin Krueger wrote:
> > ----- Original Message -----
> > From: "Douglas K. Rand"
> > To:
> > Sent: Saturday, April 06, 2002 6:43 PM
> > Subject: Centralized authentication
> >
> >
> > > We have a few dozen FreeBSD workstations and servers and as their
> > > numbers increase managing users and groups via individual /etc/passwd
> > > and /etc/group files is getting more and more tiresome. We also have
> > > just a few Linux boxes.
> > >
> > > We aren't a huge site, everybody is in one building on the same
> > > network.
> > >
> > > I was wondering what other sites are using to solve this problem.
>
> I'd highly suggest the oft-little understood but incredibly deserving
> Kerberos. I truly believe that if it were better documented and understood by
> the masses of administrators out there, it would blow away current network
> authentication systems.

Yes, Kerberos does `blow away' many authentication systems. However,
the poster's subject --- ``Centralized authentication'' --- doesn't
really describe what he needs. In addition to authentication, he
needs authorization and directory services, which Kerberos does not
provide. i.e. there is no Kerberos mechanism with which to distribute
the contents of /etc/passwd and /etc/group.

> Heck, Microsoft used it to totally revitalize their
> network authentication scheme to enormous benefit. Sadly, they then broke it
> for anyone who isn't them.

That's not really an accurate assessment of the situation.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se