From owner-freebsd-isp Wed Sep 11 00:33:52 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA18539 for isp-outgoing; Wed, 11 Sep 1996 00:33:52 -0700 (PDT) Received: from smople.thehub.com.au (smople.thehub.com.au [203.17.162.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA18531 for ; Wed, 11 Sep 1996 00:33:48 -0700 (PDT) Received: (from richard@localhost) by smople.thehub.com.au (8.6.12/8.6.9) id RAA18627; Wed, 11 Sep 1996 17:30:47 +1000 Date: Wed, 11 Sep 1996 17:30:47 +1000 (EST) From: Richard J Uren To: Matt Hamilton cc: Peter Childs , freebsd-isp@freebsd.org Subject: Re: Recommendations on password management. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 11 Sep 1996, Matt Hamilton wrote: > > The section in the handbook on kerbos looks interesting. I don't know > > how it would work across a distributed system, but it might be worth > > looking into a bit closer. > > I know of a sysop that is trying to hack radius authentication into the > logon for his machines. So when a user enters their usename and password > it is encrypted and sent to a central radius server (that also controls > the Portmasters and Ascends) for verification. This seems like a pretty > good solution as it is secure and easily scalable and it fits in easily > with his existing setup (as he already has a radius server for it to > connect to). To make the job EVEN easier his user accounting package > (UTA) has or is (I'm not sure this was a while ago) come out with a radius > add on for their package. This means that the users info is entered once > when the user subscribes and that's it! > This sounds promising. We use radius here so that would make me extra happy. Ide be willing to contribute to the effort by porting usefull programs as well (popper, ftp etc ...). Is he using FreeBSD ? And which radius server ? Cheers Richard