From: Jesse Guardiani
Date: Wed, 24 Sep 2003 17:25:59 -0400
Organization: WingNET
To: freebsd-security@freebsd.org
Subject: Re: unified authentication

Tillman Hodgson wrote:

> On Wed, Sep 24, 2003 at 03:55:30PM -0400, Jesse Guardiani wrote:
>> Well, I'm currently trying to decide between these then:
>>
>> Kerberos
>> RADIUS
>> LDAP (OpenLDAP only. I don't have a proprietary LDAP solution.)
>> TACACS
>> pam_smb, possibly.
>
> These aren't necessarily mutually exclusive.
>
>> I'm ruling out NIS/NIS+ because:
>> --------------------------------
>> 1.) I'd like something with decent cryptography built in. That's why I
>> conceptually like Kerberos.
>> 2.) AFAIK, no Cisco support.
>
> NIS (for authorization info) with Kerberos 5 (for authentication)

What's the difference between authorization and authentication?
I thought Kerberos handled authorization by itself.

> provides decent cryptography and wide platform support. Cisco supports
> Kerberos.

Although not very solidly according to other posts on this topic.

>> Once I get authentication working, how do I handle
>> the creation of home directories and basic user
>> files across multiple machines?
>>
>> Do I need to start running NFS, or is there a more
>> elegant solution?
>
> OpenAFS, very elegant solution.

Could you explain why OpenAFS is a more elegant solution than NFS?

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net