Date: Mon, 21 Apr 1997 11:52:51 +0930 (CST)
From: Michael Smith <msmith@atrad.adelaide.edu.au>
To: michael@memra.com (Michael Dillon)
Cc: freebsd-isp@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: Need a common passwd file among machines
Message-ID: <199704210222.LAA06517@genesis.atrad.adelaide.edu.au>
In-Reply-To: <Pine.BSI.3.93.970420090935.10900D-100000@sidhe.memra.com> from Michael Dillon at "Apr 20, 97 09:14:15 am"

Michael Dillon stands accused of saying:
>
> RADIUS is used by terminal servers to authenticate users by "going to some
> server and asking him" and you can have a backup RADIUS server in case the
> primary one goes down. I think ISPs would find it easier to manage a site
> using RADIUS for all authentication, not just terminal servers.

Unfortunately, Livingston have put some anal restrictions on their
latest RADIUS server code.

> But more importantly, I think that systems need to have a hook in the
> authentication procedure so that the sysadmin can install their own
> allow/deny code so that certain servers can still authenticate via RADIUS
> but only certain users or only at certain times of day or only logins from
> the console or from certain IP addresses.

This is one of the goals of the PAM framework. I hope to have some
time next week to get myself back up to date with PAM and update my
BSD port of it. Once I have it building and linkable, it will be time
to start discussing how to integrate it. 8)

> In general, OSes with source are easy to fit into this kind of a scenario
> but other ones (Solaris, SCO, IRIX, NT) are not.

Solaris at least will be using PAM in 2.6 in a publicly-visible
fashion; it does in 2.5 but not usefully. This allows you to provide
binary authentication/administration modules without requiring any
source hackery.

> Michael Dillon - Internet & ISP Consulting

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[