From owner-freebsd-security Sat Apr 6 22: 2:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from rain.macguire.net (sense-sea-MegaSub-1-125.oz.net [216.39.144.125]) by hub.freebsd.org (Postfix) with ESMTP id 35B5937B416 for ; Sat, 6 Apr 2002 22:02:39 -0800 (PST) Received: (from roo@localhost) by rain.macguire.net (8.11.6/8.11.6) id g3761oN03278; Sat, 6 Apr 2002 22:01:50 -0800 (PST) (envelope-from roo) Date: Sat, 6 Apr 2002 22:01:50 -0800 From: Benjamin Krueger To: klik Cc: "Douglas K. Rand" , freebsd-security@freebsd.org Subject: Re: Centralized authentication Message-ID: <20020406220150.C2867@rain.macguire.net> References: <874riov1et.wl@delta.meridian-enviro.com> <002401c1ddf7$557e84a0$13ed7ad1@unstable.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002401c1ddf7$557e84a0$13ed7ad1@unstable.org>; from klik@unstable.org on Sun, Apr 07, 2002 at 12:44:48AM -0500 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * klik (klik@unstable.org) [020406 21:46]: > check out LDAP > > ----- Original Message ----- > From: "Douglas K. Rand" > To: > Sent: Saturday, April 06, 2002 6:43 PM > Subject: Centralized authentication > > > > We have a few dozen FreeBSD workstaions and servers and as their > > numbers increase managing users and groups via indvidual /etc/passwd > > and /etc/group files is getting more and more tiresome. We also have > > just a few Linux boxes. > > > > We aren't a huge site, everybody is in one building on the same > > network. > > > > I was wondering what other sites are using to solve this problem. I'd highly suggest the oft-little understood but incredibly deserving Kerberos. I truly believe that if it were better documented and understood by the masses of administrators out there, it would blow away current network authentication systems. Heck, Microsoft used it to totally revitalize their network authentication scheme to enormous benefit. Sadly, they then broke it for anyone who isn't them. -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message