Date: Tue, 14 Mar 2000 02:07:54 GMT From: mike@sentex.net (Mike Tancsa) To: mikey@kappaisle.com (Mike) Cc: freebsd-isp@freebsd.org Subject: Re: Password distribution and authentication Message-ID: <38cd9dd7.1653575155@mail.sentex.net> In-Reply-To: <MAILPine.BSF.4.21.0003121349570.8203-100000@greencreek.kappaisle.com> References: <MAILPine.BSF.4.21.0003121349570.8203-100000@greencreek.kappaisle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12 Mar 2000 14:00:40 -0500, in sentex.lists.freebsd.isp you wrote: >Hi everyone! > >Besides using NIS (which is rather an insecure way) for password/group >file distribution around the servers on the network, is there any other >way to accomplish a centralized or distributed password authentication >task? One avenue I am exploring now is a combo of PAM and scripts to create/sync passwords along with RADIUS for authentication. The first sever I am trying it on is a new pop server. Basically, we have our one internal RADIUS authentication server that dialups authenticate against. Then to collect mail, they hit a different server that uses a slightly modified qpopper that checks via RADIUS instead of against the master.passwd file. I still have to populate users in the mail server's passwd file, but all the accounts are locked out with just an * for the passwd. This way I dont have to copy any passwords back and forth, just uids. I havent yet come up with a safe enough method to generate the place holder passwd files, but that will come in time I guess. ---Mike Mike Tancsa (mdtancsa@sentex.net) Sentex Communications Corp, Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38cd9dd7.1653575155>