From owner-freebsd-isp Mon Mar 13 18: 8:54 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3]) by hub.freebsd.org (Postfix) with ESMTP id 1883A37B658 for ; Mon, 13 Mar 2000 18:08:47 -0800 (PST) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by sand2.sentex.ca (8.9.3/8.9.3) with ESMTP id VAA81117; Mon, 13 Mar 2000 21:08:38 -0500 (EST) (envelope-from mike@sentex.net)
Received: from chimp.simianscience.com (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA15981; Mon, 13 Mar 2000 21:08:37 -0500 (EST)
From: mike@sentex.net (Mike Tancsa)
To: mikey@kappaisle.com (Mike)
Cc: freebsd-isp@freebsd.org
Subject: Re: Password distribution and authentication
Date: Tue, 14 Mar 2000 02:07:54 GMT
Message-ID: <38cd9dd7.1653575155@mail.sentex.net>
References:
In-Reply-To:
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 12 Mar 2000 14:00:40 -0500, in sentex.lists.freebsd.isp you wrote:

>Hi everyone!
>
>Besides using NIS (which is rather an insecure way) for password/group
>file distribution around the servers on the network, is there any other
>way to accomplish a centralized or distributed password authentication
>task?

One avenue I am exploring now is a combo of PAM and scripts to create/sync passwords along with RADIUS for authentication. The first server I am trying it on is a new pop server. Basically, we have our one internal RADIUS authentication server that dialups authenticate against. Then to collect mail, they hit a different server that uses a slightly modified qpopper that checks via RADIUS instead of against the master.passwd file. I still have to populate users in the mail server's passwd file, but all the accounts are locked out with just an * for the passwd. This way I don't have to copy any passwords back and forth, just uids.
I haven't yet come up with a safe enough method to generate the placeholder passwd files, but that will come in time I guess.

---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers
could setup a national IP network." (KDW2)
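
The placeholder passwd generation mentioned in the message above, sketched as an added example (not part of the original post and not the poster's method). It builds master.passwd-format lines with a bare * in the password field from (name, uid) pairs and rejects entries that could smuggle in extra records or privileged uids; MIN_UID, MAIL_GID, the gecos text, the home directory and the nologin path are assumptions.

```python
import re

# Assumptions (not from the original message): mail-only accounts share one
# gid, get no login shell, and uids below MIN_UID are reserved for the system.
MIN_UID = 1000
MAIL_GID = 6000                      # hypothetical "mailusers" group
NOLOGIN = "/sbin/nologin"            # assumed path of the no-login shell
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,15}")


def placeholder_lines(accounts):
    """Build master.passwd lines whose password field is a bare '*'.

    accounts: iterable of (name, uid) pairs exported from the central
    account database. Returns (lines, rejected); nothing is written to disk.
    """
    lines, rejected = [], []
    seen_names, seen_uids = set(), set()
    for name, uid in accounts:
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            rejected.append((name, uid, "bad name"))        # blocks ':' and newlines
        elif isinstance(uid, bool) or not isinstance(uid, int) or uid < MIN_UID:
            rejected.append((name, uid, "uid not allowed"))  # never sync uid 0 or system uids
        elif name in seen_names or uid in seen_uids:
            rejected.append((name, uid, "duplicate"))
        else:
            seen_names.add(name)
            seen_uids.add(uid)
            # name:password:uid:gid:class:change:expire:gecos:home:shell
            lines.append(f"{name}:*:{uid}:{MAIL_GID}::0:0:POP user:/nonexistent:{NOLOGIN}")
    return lines, rejected


# Constructed sample input, including entries a broken or tampered export might contain.
SAMPLE = [
    ("alice", 1001),
    ("bob", 1002),
    ("root2", 0),                    # uid 0 must never be synced
    ("eve\nextra:*:0:0", 1003),      # name carrying an embedded second record
    ("alice", 1004),                 # duplicate name
    ("carol", 1002),                 # duplicate uid
]

if __name__ == "__main__":
    good, bad = placeholder_lines(SAMPLE)
    print("\n".join(good))
    for entry in bad:
        print("rejected:", entry)
```

Installing the generated lines into the live password database (for example with pwd_mkdb(8)) is left out of this sketch.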