Date: Wed, 24 Sep 2003 16:14:04 -0400
From: Jesse Guardiani <jesse@wingnet.net>
To: freebsd-security@freebsd.org
Subject: Re: unified authentication
Message-ID: <bkstue$dkf$1@sea.gmane.org>
References: <200309241555.30825.jesse@wingnet.net> <Pine.NEB.3.96L.1030924155809.70421B-100000@fledge.watson.org>

Robert Watson wrote:

>
> On Wed, 24 Sep 2003, Jesse Guardiani wrote:
>
>> On Wednesday 24 September 2003 12:54, Matthew George wrote:
>> > On Wed, 24 Sep 2003, Jesse Guardiani wrote:
>> > > 1.) Kerberos
>> >
>> > krb is nice, but the problem with it is that all of your applications
>> > need to be kerberized in order to support ticket validation from the
>> > krb server. There is an interesting description (albeit slightly
>> > dated) of how the system works at:
>> >
>> > http://web.mit.edu/kerberos/www/dialogue.html
>>
>> Yes, I found that after I posted to the list. Very informative.
>>
>> I understand what you're saying when you say that all applications need
>> to be kerberized in order to work, but isn't that true of any auth
>> mechanism?
>>
>> Perhaps kerberization just isn't very widespread as something like LDAP?
>
> My current preference in new installs is to use Kerberos5 for
> authentication and LDAP for account information. If you're willing to
> throw SSL into the mix, a lack of "kerberization" isn't such a problem --
> you basically end up using Kerberos5 as a distributed password mechanism
> for non-Kerberized clients. I.e., using IMAP over SSL, SMTP over SSL,
> etc.

And that's more or less what I was thinking of doing here, except it wouldn't
be IMAP and SMTP (because that is already handled by my mail server's MySQL
database), but Kerberos as a distributed password mechanism for SSH, Apache
.htaccess, Cisco routers, etc...

Does that work well with FreeBSD 4.8? Or would I need to use 5.x to deploy
Kerberos5 in that manner?

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net