Date: Wed, 24 Sep 2003 14:50:29 -0600
From: Tillman Hodgson <tillman@seekingfire.com>
To: freebsd-security@freebsd.org
Subject: Re: unified authentication
Message-ID: <20030924145029.V18252@seekingfire.com>
In-Reply-To: <200309241555.30825.jesse@wingnet.net>; from jesse@wingnet.net on Wed, Sep 24, 2003 at 03:55:30PM -0400
References: <bks9kq$46u$1@sea.gmane.org> <20030924122724.V31322@localhost> <200309241555.30825.jesse@wingnet.net>

On Wed, Sep 24, 2003 at 03:55:30PM -0400, Jesse Guardiani wrote:
> Well, I'm currently trying to decide between these then:
>
> Kerberos
> RADIUS
> LDAP (OpenLDAP only. I don't have a proprietary LDAP solution.)
> TACACS
> pam_smb, possibly.

These aren't necessarily mutually exclusive.

> I'm ruling out NIS/NIS+ because:
> --------------------------------
> 1.) I'd like something with decent cryptography built in. That's why I conceptually
> like Kerberos.
> 2.) AFAIK, no Cisco support.

NIS (for authorization info) with Kerberos 5 (for authentication)
provides decent cryptography and wide platform support. Cisco supports
Kerberos.

> Once I get authentication working, how do I handle
> the creation of home directories and basic user
> files across multiple machines?
>
> Do I need to start running NFS, or is there a more
> elegant solution?

OpenAFS, very elegant solution. Unfortunately, it doesn't work on
FreeBSD yet (or anymore as a client).

-T

--
The beauty of the democratic systems of thought control, as contrasted
with their clumsy totalitarian counterparts, is that they operate by
subtly establishing on a voluntary basis - aided by the force of
nationalism and media control by substantial interests - presuppositions
that set the limits of debate, rather than by imposing beliefs with a
bludgeon.
    - Noam Chomsky, _After the Cataclysm_

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030924145029.V18252>