Date: Wed, 11 Sep 1996 00:22:02 -0400 (EDT)
From: Matt Hamilton
To: Peter Childs
cc: Richard J Uren, freebsd-isp@FreeBSD.org
Subject: Re: Recommendations on password management.
In-Reply-To: <199609111249.MAA19915@al.imforei.apana.org.au>

> The section in the handbook on Kerberos looks interesting. I don't know
> how it would work across a distributed system, but it might be worth
> looking into a bit closer.

I know of a sysop that is trying to hack radius authentication into the logon for his machines. So when a user enters their username and password it is encrypted and sent to a central radius server (that also controls the Portmasters and Ascends) for verification.

This seems like a pretty good solution as it is secure and easily scalable and it fits in easily with his existing setup (as he already has a radius server for it to connect to). To make the job EVEN easier his user accounting package (UTA) has or is (I'm not sure, this was a while ago) come out with a radius add-on for their package. This means that the user's info is entered once when the user subscribes and that's it!

-Matt
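Added example, not part of the original message: how a RADIUS client hides the password in an Access-Request and how the server recovers it, following the User-Password scheme of RFC 2865 section 5.2. The function names, user name, password and shared secret are constructed for illustration.

```python
"""RADIUS User-Password hiding (RFC 2865, section 5.2); added illustration."""
import hashlib
import os
import struct


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128-byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev  # each hidden block is chained into the next MD5 input
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same key stream from the received blocks."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(prev, key))
    return plain.rstrip(b"\x00")  # drop the NUL padding added by the client


def access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Minimal Access-Request: User-Name (type 1) and User-Password (type 2)."""
    authenticator = os.urandom(16)  # must be fresh and unpredictable per request
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for attr_type, value in ((1, user), (2, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    # Header: code 1 (Access-Request), identifier, total length, authenticator.
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"  # constructed sample values
    pkt = access_request(7, b"alice", b"correct horse battery", SECRET)
    print(pkt.hex())
    print(recover_password(pkt[-32:], SECRET, pkt[4:20]))
```

Only the User-Password value is hidden; the User-Name attribute travels in clear, and the protection rests on the shared secret and MD5.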