From owner-freebsd-isp@FreeBSD.ORG  Tue Oct 18 14:37:55 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A48316A41F
	for <freebsd-isp@freebsd.org>; Tue, 18 Oct 2005 14:37:55 +0000 (GMT)
	(envelope-from francisco@natserv.net)
Received: from zoraida.natserv.net (p65-147.acedsl.com [66.114.65.147])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0D4CE43D48
	for <freebsd-isp@freebsd.org>; Tue, 18 Oct 2005 14:37:54 +0000 (GMT)
	(envelope-from francisco@natserv.net)
Received: from localhost (localhost.natserv.net [127.0.0.1])
	by zoraida.natserv.net (Postfix) with ESMTP id 0631A7E52;
	Tue, 18 Oct 2005 10:37:53 -0400 (EDT)
Date: Tue, 18 Oct 2005 10:37:53 -0400 (EDT)
From: Francisco <francisco@natserv.net>
X-X-Sender: fran@zoraida.natserv.net
To: Tillman Hodgson <tillman@seekingfire.com>
In-Reply-To: <20051017203353.GF33270@seekingfire.com>
Message-ID: <20051018103540.K28109@zoraida.natserv.net>
References: <20051012234337.K63956@zoraida.natserv.net>
	<57416b300510142221r2c3da329o65d54cb0aa04fc73@mail.gmail.com>
	<20051015133148.P97899@zoraida.natserv.net>
	<18f601940510151547ka3573f8v2f0633010ad2874f@mail.gmail.com>
	<20051016010251.R90770@zoraida.natserv.net>
	<20051017203353.GF33270@seekingfire.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-isp@freebsd.org
Subject: Re: Distributed authentication. Which one?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2005 14:37:55 -0000

On Mon, 17 Oct 2005, Tillman Hodgson wrote:

> It has some interoperability and security issues. They're solvable, IMO.

Thanks for the feedback.

I guess a good test is to ask.. what would you use? :-)


> For example, most of the security concerns can be addressed with a
> combination of transport-mode IPsec and Kerberos and I avoid inter-
> operability issues by avoiding weird implementations of NIS ;-)

Sounds like more trouble than it's worth.
Right now I am leaning towards Kerberos or LDAP.
Need to learn more about them to see their strengths and weaknesses and 
how it would fit into our existing extructure.