Date: Sun, 20 Apr 1997 09:14:15 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: freebsd-isp@FreeBSD.ORG
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Need a common passwd file among machines
Message-ID: <Pine.BSI.3.93.970420090935.10900D-100000@sidhe.memra.com>
In-Reply-To: <Pine.LNX.3.95.970419224831.834C-100000@phobos.illtel.denver.co.us>

On Sat, 19 Apr 1997, Alex Belits wrote:

> P.S. Is there any existing thing or at least an idea of making one that
> does this thing nicer? NIS is based on rather dumb idea that to
> authenticate local user one will want to go to some server and ask him
> instead of IMHO more sane approach of distributing authentication
> information from that server to always perform authentication locally and
> never depend on some host being accessible at the time of user's login.

RADIUS is used by terminal servers to authenticate users by "going to some
server and asking him" and you can have a backup RADIUS server in case the
primary one goes down. I think ISP's would find it easier to manage a site
using RADIUS for all authentication, not just terminal servers.

But more importantly, I think that systems need to have a hook in the
authentication procedure so that the sysadmin can install their own
allow/deny code so that certain servers can still authenticate via RADIUS
but only certain users or only at certain times of day or only logins from
the console or from certain IP addresses.

In general, OSes with source are easy to fit into this kind of a scenario
but other ones (Solaris, SCO, IRIX, NT) are not.

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-250-546-3049
http://www.memra.com - E-mail: michael@memra.com
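
A sketch of the per-server allow/deny hook described in the message above, added here as an example and not part of the original e-mail or of any FreeBSD code. The names `Rule`, `login_allowed` and `RULES`, and the assumption that the caller already holds the RADIUS accept/reject result, are hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    users: frozenset                 # accounts this rule covers
    start: time = time(0, 0)         # allowed window, local time
    end: time = time(23, 59, 59)
    console_only: bool = False
    networks: tuple = ()             # CIDR strings; empty means any source

    def in_window(self, now: time) -> bool:
        if self.start <= self.end:
            return self.start <= now <= self.end
        return now >= self.start or now <= self.end   # window crosses midnight

    def source_ok(self, tty: str, remote_ip: Optional[str]) -> bool:
        if self.console_only:
            return remote_ip is None and tty == "console"
        if remote_ip is None or not self.networks:
            return True
        try:
            addr = ip_address(remote_ip)
        except ValueError:
            return False             # fail closed on an unparseable address
        return any(addr in ip_network(n) for n in self.networks)


def login_allowed(rules, radius_accepted, user, now, tty, remote_ip=None):
    """Local hook: runs after the RADIUS reply and can only narrow it."""
    if not radius_accepted:
        return False
    # Deny by default: a user with no matching rule is refused on this host.
    return any(user in r.users and r.in_window(now) and r.source_ok(tty, remote_ip)
               for r in rules)


# Constructed sample policy for one server (all names and addresses are made up).
RULES = [
    Rule(users=frozenset({"root"}), console_only=True),
    Rule(users=frozenset({"alice"}), networks=("192.0.2.0/24",)),
    Rule(users=frozenset({"nightop"}), start=time(22, 0), end=time(6, 0)),
]
```

The hook never turns a RADIUS reject into an accept, so a mistake in the local rules can lock a user out of this host but cannot let in someone the RADIUS server refused.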