From owner-freebsd-hackers  Tue Mar 10 16:43:45 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA12196
          for freebsd-hackers-outgoing; Tue, 10 Mar 1998 16:43:45 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA12172;
          Tue, 10 Mar 1998 16:43:31 -0800 (PST)
          (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost [127.0.0.1])
	by dingo.cdrom.com (8.8.8/8.8.5) with ESMTP id QAA20827;
	Tue, 10 Mar 1998 16:40:31 -0800 (PST)
Message-Id: <199803110040.QAA20827@dingo.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Mark Mayo <mark@vmunix.com>
cc: Andrzej Bialecki <abial@nask.pl>, tcobb@staff.circle.net,
        hackers@FreeBSD.ORG, msmith@FreeBSD.ORG
Subject: Re: PAM? 
In-reply-to: Your message of "Tue, 10 Mar 1998 19:35:48 EST."
             <19980310193548.10374@vmunix.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 10 Mar 1998 16:40:30 -0800
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Kerberos?  
> 
> I've been using v4 here for ages, and it works swell. Haven't tried
> v5 (actually don't even know if it's available under FreeBSD).

Yes.

> What do "SecurID tokens" give you that Kerberos doesn't?? Since NT is
> going the way of Kerberos, I'm imagining that in a few years, Kerberos
> style authentication will be all that really matters... :-)

SecurID uses a physical token (like a credit-card calculator) which 
displays a random number which changes every so often.  You use the 
number as a password.

Because the server knows the sequence, it can make allowances for time 
drift in the cards.  Guessing the sequence from a set of sample 
passwords is meant to be very difficult.

This is relatively more secure than Kerberos, but still involves a 
"trusted host".

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message