From owner-freebsd-isp Mon Jan 31 11:55:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 2656314BF4 for ; Mon, 31 Jan 2000 11:55:09 -0800 (PST) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id E8060B6AE; Mon, 31 Jan 2000 14:55:04 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id D5CE5B6A2; Mon, 31 Jan 2000 14:55:04 -0500 (EST) Date: Mon, 31 Jan 2000 14:55:04 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: Hugh Blandford Cc: isp@freebsd.org Subject: Re: Centralized auth shell/pop/dial In-Reply-To: <002701bf695d$4e9dc260$088ea8c0@island.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yes, I saw that thread, but it was simply a "I think you can do that" response. Looking over the Kerberos FAQ I don't see any mention of this. Still trying to get the "big picture" of just how Kerberos works. If anyone is doing such a thing, I'd be very interested in the details... I've turned up zilch on the mailing list searches so far. Thanks, --- Charles Sprickman spork@super-g.com --- "...there's no idea that's so good you can't ruin it with a few well-placed idiots." On Fri, 28 Jan 2000, Hugh Blandford wrote: > Hi Charles, > > there was some suggestion that you could integrate NIS and Kerberos but I > haven't been able to find any info on anyone who has done it. I would love > to hear from people who have done this, especially if they got in running on > sub-T1 WANs. > > Regards, > > Hugh > > ----- Original Message ----- > From: spork > To: > Sent: Friday, January 28, 2000 11:15 AM > Subject: Centralized auth shell/pop/dial > > > > Hello, > > > > I know this is something of a recurring question on this list, but here it > > comes again, the one that all ISPs that reach a certain size they realize > > they must come here and ask... > > > > What options exist to scale user management beyond a few boxes? I never > > touched NIS, but it seems interesting. However, I refuse to run any > > rpc-based service unless I really need to. We currently have users spread > > out over a number of boxes; ftp/shell/www, pop/radius, pop for dedicated > > line users. It's getting to be a mess, I want to control/create these > > accounts on one machine. > > > > If someone like Matt (from BEST) could chime in on what their scheme was > > as they grew to multiple shell/pop servers, I'd love to hear it. > > > > I'm open to stashing all the auth info in a database, one big password > > file, anything. I'm also comfortable ssh-ing files around from box to > > box... > > > > What is the status of things that could make NIS more secure like IPSec? > > Where's LDAP going? Any news about 4.0 that could make distributed auth. > > easier? > > > > Thanks, > > > > Charles > > > > --- > > Charles Sprickman > > spork@super-g.com > > --- > > "...there's no idea that's so good you can't > > ruin it with a few well-placed idiots." > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message