Date: Wed, 10 Jun 1998 17:57:42 -0300 (ADT) From: The Hermit Hacker <scrappy@hub.org> To: Dom Mitchell <dom@myrddin.demon.co.uk> Cc: "Matthew N. Dodd" <winter@jurai.net>, Wm Brian McCane <root@bmccane.maxbaud.net>, isp@FreeBSD.ORG, current@FreeBSD.ORG Subject: Re: Radius login via getty Message-ID: <Pine.BSF.3.96.980610175658.317B-100000@thelab.hub.org> In-Reply-To: <E0yjqRl-0000I9-00.qmail@myrddin.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Jun 1998, Dom Mitchell wrote:
> "Matthew N. Dodd" <winter@jurai.net> writes:
> > Touching on this subject was a previous discussion of policy based login
> > handeling. (when/where/method based restrictions)
> >
> > Was there ever a design proposal submited?
> >
> > We have a number of different combinations to resolve and a solution that
> > is configurable not unlike IPFW (rule chains) might be a win.
>
> [snip]
>
> > We've got a number of different authentication systems to choose from as
> > well (and must take into account their needs.)
> >
> > - flatfile username/password (normal, default fallback etc)
> > - YP/NIS
> > - NIS+
> > - S/Key
> > - .rhosts
> > - RSA (via ssh)
> > - Kerberos 4
> > - Kerberos 5
> > - Radius
> > - LDAP?
> > - External database/flatfile etc?
> > - ACE/SecureID
>
> Really, what we're looking at here, is something like Solaris'
> /etc/nsswitch.conf. However, that does bring a whole baggage of
Actually, I believe that solaris is moving towards using PAM for
all this too...each of the above, I believe, already has a pam module out
there for it...
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980610175658.317B-100000>