Date: Wed, 24 Sep 2003 17:25:59 -0400 From: Jesse Guardiani <jesse@wingnet.net> To: freebsd-security@freebsd.org Subject: Re: unified authentication Message-ID: <bkt258$af4$1@sea.gmane.org> References: <bks9kq$46u$1@sea.gmane.org> <20030924122724.V31322@localhost> <200309241555.30825.jesse@wingnet.net> <20030924145029.V18252@seekingfire.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tillman Hodgson wrote: > On Wed, Sep 24, 2003 at 03:55:30PM -0400, Jesse Guardiani wrote: >> Well, I'm currently trying to decide between these then: >> >> Kerberos >> RADIUS >> LDAP (OpenLDAP only. I don't have a proprietary LDAP solution.) >> TACACS >> pam_smb, possibly. > > These aren't necessarily mutually exclusive. > >> I'm ruling out NIS/NIS+ because: >> -------------------------------- >> 1.) I'd like something with decent cyptography built in. That's why I >> conceptually >> like Kerberos. >> 2.) AFAIK, no Cisco support. > > NIS (for authorization info) with Kerberos 5 (for authentication) What's the difference between authorization and authentication? I thought Kerberos handled authorization by itself. > provides decent cryptography and wide platform support. Cisco supports > Kerberos. Although not very solidly according to other posts on this topic. >> Once I get authentication working, how do I handle >> the creation of home directories and basic user >> files across multiple machines? >> >> Do I need to start running NFS, or is there a more >> elegant solution? > > OpenAFS, very elegant solution. Could you explain why OpenAFS is a more elegant solution than NFS? -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bkt258$af4$1>