From owner-freebsd-security Tue May 7 10:24: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from agena.meridian-enviro.com (thunder.meridian-enviro.com [207.109.234.227]) by hub.freebsd.org (Postfix) with ESMTP id B33D237B403 for ; Tue, 7 May 2002 10:24:00 -0700 (PDT) Received: from delta.meridian-enviro.com (delta.meridian-enviro.com [10.10.10.43]) by agena.meridian-enviro.com (8.11.6/8.11.6) with ESMTP id g47HNwW27226; Tue, 7 May 2002 12:23:58 -0500 (CDT) (envelope-from rand@meridian-enviro.com) Date: Tue, 07 May 2002 12:23:57 -0500 Message-ID: <87elgnj2he.wl@delta.meridian-enviro.com> From: "Douglas K. Rand" To: Mikel King Cc: freebsd-security@FreeBSD.ORG Subject: Re: Centralized authentication In-Reply-To: <3CD8058D.4090706@ocsinternet.com> References: <874riov1et.wl@delta.meridian-enviro.com> <87d6x8smle.fsf@delta.meridian-enviro.com> <3CD8058D.4090706@ocsinternet.com> User-Agent: Wanderlust/2.9.7 (Unchained Melody) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 MULE XEmacs/21.4 (patch 6) (Common Lisp) (i386--freebsd) X-Face: $L%T~#'9fAQ])o]A][d7EH`V;"_;2K;TEPQB=v]rDf_2s% List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What I've started on is a NIS deployment. It was pointed out to me that all of the pam_* stuff still won't distribute the non-authentication stuff for /etc/passwd (uids, gids, home directories, shells, etc) and it won't do /etc/group stuff either. I'm right now trying to decide to distribute the encrypted passwords with NIS or to use some other pam_* thing, perhaps pam_radius. Our network is well protected by firewalls, so I'm feeling fairly comfortable with NIS for everything except the encrypted password. Actually, with the MD5 encrypted passwords, I also feel somewhat comfortable with NIS shipping those, but I'm still thinking about that. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message