From owner-freebsd-current  Wed Jun 10 13:58:33 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA14009
          for freebsd-current-outgoing; Wed, 10 Jun 1998 13:58:33 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from thelab.hub.org (tc-31.acadiau.ca [131.162.2.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA13881;
          Wed, 10 Jun 1998 13:58:14 -0700 (PDT)
          (envelope-from scrappy@hub.org)
Received: from localhost (scrappy@localhost) by thelab.hub.org (8.8.8/8.8.2) with SMTP id RAA22290; Wed, 10 Jun 1998 17:57:43 -0300 (ADT)
X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs
Date: Wed, 10 Jun 1998 17:57:42 -0300 (ADT)
From: The Hermit Hacker <scrappy@hub.org>
To: Dom Mitchell <dom@myrddin.demon.co.uk>
cc: "Matthew N. Dodd" <winter@jurai.net>,
        Wm Brian McCane <root@bmccane.maxbaud.net>, isp@FreeBSD.ORG,
        current@FreeBSD.ORG
Subject: Re: Radius login via getty
In-Reply-To: <E0yjqRl-0000I9-00.qmail@myrddin.demon.co.uk>
Message-ID: <Pine.BSF.3.96.980610175658.317B-100000@thelab.hub.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 10 Jun 1998, Dom Mitchell wrote:

> "Matthew N. Dodd" <winter@jurai.net> writes:
> > Touching on this subject was a previous discussion of policy based login
> > handeling.  (when/where/method based restrictions)
> > 
> > Was there ever a design proposal submited?
> > 
> > We have a number of different combinations to resolve and a solution that
> > is configurable not unlike IPFW (rule chains) might be a win.
> 
> [snip]
> 
> > We've got a number of different authentication systems to choose from as
> > well (and must take into account their needs.)
> > 
> > - flatfile username/password (normal, default fallback etc)
> > - YP/NIS
> > - NIS+
> > - S/Key
> > - .rhosts
> > - RSA (via ssh)
> > - Kerberos 4
> > - Kerberos 5
> > - Radius
> > - LDAP?
> > - External database/flatfile etc?
> > - ACE/SecureID
> 
> Really, what we're looking at here, is something like Solaris'
> /etc/nsswitch.conf.  However, that does bring a whole baggage of

	Actually, I believe that solaris is moving towards using PAM for
all this too...each of the above, I believe, already has a pam module out
there for it...

Marc G. Fournier                                
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message