From owner-freebsd-isp@FreeBSD.ORG Sat Oct 15 22:47:32 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B4A416A41F for ; Sat, 15 Oct 2005 22:47:32 +0000 (GMT) (envelope-from aaron.glenn@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8DAA43D46 for ; Sat, 15 Oct 2005 22:47:31 +0000 (GMT) (envelope-from aaron.glenn@gmail.com) Received: by zproxy.gmail.com with SMTP id 8so658560nzo for ; Sat, 15 Oct 2005 15:47:31 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qOAK9ZfmnV7b+8gwT6PwqWbZfjmxVj+ukaFOUwRE1StVZ+xZuIxWJd2HhYcwx6cjfKtUJJjEXwfmHVfcj/jiouwYI7FnYYl/s6c3e53MfSNopMeYGSUZc+1zZkkAEKWIH3t2yw6GGmN/Sfv19fB2iXE57nNuK1vMf/GyRcASZjE= Received: by 10.36.23.10 with SMTP id 10mr1125748nzw; Sat, 15 Oct 2005 15:47:31 -0700 (PDT) Received: by 10.36.153.6 with HTTP; Sat, 15 Oct 2005 15:47:31 -0700 (PDT) Message-ID: <18f601940510151547ka3573f8v2f0633010ad2874f@mail.gmail.com> Date: Sat, 15 Oct 2005 15:47:31 -0700 From: Aaron Glenn To: Francisco Reyes In-Reply-To: <20051015133148.P97899@zoraida.natserv.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20051012234337.K63956@zoraida.natserv.net> <57416b300510142221r2c3da329o65d54cb0aa04fc73@mail.gmail.com> <20051015133148.P97899@zoraida.natserv.net> Cc: FreeBSD ISP list Subject: Re: Distributed authentication. Which one? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Oct 2005 22:47:32 -0000 On 10/15/05, Francisco Reyes wrote: > > So Kerberos would be more along the lines of users login in to the > machines? Exactly. The problem I've always had is, what happens when you can reach the device, but the device can't reach any KDC (for whatever reason)? How can one fall back on another authentication method while maintaining consistant login credentials? Food for thought... > > service, and NIS is a simple directory service introduced by Sun. > > Between LDAP and NIS which one would you consider to be: > 1- More secure > 2- Easier to maintain I would say LDAP, but then I've never used NIS. regards, aaron.glenn