From: Peter Childs
Message-Id: <199609111249.MAA19915@al.imforei.apana.org.au>
Subject: Re: Recommendations on password management.
In-Reply-To: from Richard J Uren at "Sep 11, 96 07:52:33 am"
To: richard@thehub.com.au (Richard J Uren)
Date: Wed, 11 Sep 1996 12:49:31 +0000
Cc: freebsd-isp@freebsd.org

> > Gday! Loved the cafe last time I was up in brizzy (hope I've got
> > the right place)
>
> That's us ;-)

Neat.. now if I'd known you were a FreeBSD shop I'd have been really impressed :)

> We only need something simplistic & we have to store passwords in
> plaintext on the main server (some people use CHAP with PPP).

Well you can rewrite the authentication part of ppp to use whatever you want... I've done it here with ijppp (we use it for our server side ppp) so that it uses the /etc/password file (via system calls) rather than /etc/ppp/ppp.secret...

> > if you implement something too hacked up it may not scale too well,
> > but if you use something too large then it may just not be the
> > most cost/time/hassle effective way :)
>
> That's the trade off alrighty.

The section in the handbook on Kerberos looks interesting. I don't know how it would work across a distributed system, but it might be worth looking into a bit closer.
With just a few machines (like a main server, admin machine, dialup server) or the like, you might want to investigate the "ssh" port (secure shell) that includes scp (secure copy)... you could then just only update the password files on the "admin" machine, and scp them out to all the nodes...

Food for thought..

Regards,
Peter

--
Peter Childs --- http://www.imforei.apana.org.au/~pjchilds
Finger pjchilds@al.imforei.apana.org.au for public PGP key
Drag me, drop me, treat me like an object!
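
One way to script the "update on the admin machine, scp out to the nodes" idea from the message above, as an added example that is not part of the original post. It assumes FreeBSD nodes (10-field master.passwd, installed with pwd_mkdb) and root login over ssh; the function names and the SCP, SSH and REMOTE_TMP variables are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original message). Assumptions: FreeBSD nodes,
# root reachable over ssh, and the SCP/SSH/REMOTE_TMP override variables.
SCP=${SCP:-scp}
SSH=${SSH:-ssh}
REMOTE_TMP=${REMOTE_TMP:-/etc/master.passwd.incoming}

# Refuse a file that would break or open up every node at once: each record
# needs 10 colon-separated fields, a unique login, a non-empty password
# field, and root must be present with uid 0. Problems go to stderr.
validate_master_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 10   { printf "line %d: %d fields, want 10\n", NR, NF; bad = 1 }
        $2 == ""   { printf "line %d: empty password for %s\n", NR, $1; bad = 1 }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $1 == "root" && $3 == 0 { root = 1 }
        END {
            if (!root) { print "no root entry with uid 0"; bad = 1 }
            exit bad + 0
        }' "$1" >&2
}

# Copy under a temporary name in /etc so an interrupted transfer never
# truncates the live file, then let pwd_mkdb check (-C) and install (-p) it.
push_to_node() {
    "$SCP" -p "$1" "root@$2:$REMOTE_TMP" || return 1
    "$SSH" "root@$2" "chmod 600 $REMOTE_TMP && pwd_mkdb -C $REMOTE_TMP \
        && pwd_mkdb -p $REMOTE_TMP"
}

# Usage: push_passwd FILE NODE...  Returns non-zero if validation fails or
# any node could not be updated; the remaining nodes are still attempted.
push_passwd() {
    file=$1; shift
    validate_master_passwd "$file" || { echo "not pushing $file" >&2; return 1; }
    failed=0
    for node in "$@"; do
        push_to_node "$file" "$node" || { echo "FAILED: $node" >&2; failed=1; }
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then push_passwd "$@"; fi
```

Validation runs once on the admin machine before any copy, so a damaged file stops there instead of reaching every node.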