From owner-freebsd-current  Wed Jun 10 12:43:36 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA24588
          for freebsd-current-outgoing; Wed, 10 Jun 1998 12:43:36 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from myrddin.demon.co.uk (exim@myrddin.demon.co.uk [158.152.54.180])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA24462;
          Wed, 10 Jun 1998 12:43:05 -0700 (PDT)
          (envelope-from dom@myrddin.demon.co.uk)
Received: from dom by myrddin.demon.co.uk with local (Exim 1.80 #1)
	id 0yjqRl-0000I9-00; Wed, 10 Jun 1998 20:22:09 +0100
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: The Hermit Hacker <scrappy@hub.org>,
        Wm Brian McCane <root@bmccane.maxbaud.net>, isp@FreeBSD.ORG,
        current@FreeBSD.ORG
Subject: Re: Radius login via getty
References: <Pine.BSF.3.96.980609143102.17992E-100000@sasami.jurai.net>
From: Dom Mitchell <dom@myrddin.demon.co.uk>
In-Reply-To: "Matthew N. Dodd"'s message of "Tue, 9 Jun 1998 16:24:21 -0400 (EDT)"
X-Mailer: Gnus v5.5/XEmacs 20.4 - "Emerald"
Date: Wed, 10 Jun 1998 20:22:09 +0100
Message-Id: <E0yjqRl-0000I9-00.qmail@myrddin.demon.co.uk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Matthew N. Dodd" <winter@jurai.net> writes:
> Touching on this subject was a previous discussion of policy based login
> handeling.  (when/where/method based restrictions)
> 
> Was there ever a design proposal submited?
> 
> We have a number of different combinations to resolve and a solution that
> is configurable not unlike IPFW (rule chains) might be a win.

[snip]

> We've got a number of different authentication systems to choose from as
> well (and must take into account their needs.)
> 
> - flatfile username/password (normal, default fallback etc)
> - YP/NIS
> - NIS+
> - S/Key
> - .rhosts
> - RSA (via ssh)
> - Kerberos 4
> - Kerberos 5
> - Radius
> - LDAP?
> - External database/flatfile etc?
> - ACE/SecureID

Really, what we're looking at here, is something like Solaris'
/etc/nsswitch.conf.  However, that does bring a whole baggage of
shared library gumph with it, even though it is highly configurable.
It's probably something that is worth having, regardless.
-- 
"Every minute there's a UNIX system crashing somewhere." -- DJB

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message