From owner-freebsd-isp@FreeBSD.ORG  Sat Oct 15 22:47:32 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4B4A416A41F
	for <freebsd-isp@freebsd.org>; Sat, 15 Oct 2005 22:47:32 +0000 (GMT)
	(envelope-from aaron.glenn@gmail.com)
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.203])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D8DAA43D46
	for <freebsd-isp@freebsd.org>; Sat, 15 Oct 2005 22:47:31 +0000 (GMT)
	(envelope-from aaron.glenn@gmail.com)
Received: by zproxy.gmail.com with SMTP id 8so658560nzo
	for <freebsd-isp@freebsd.org>; Sat, 15 Oct 2005 15:47:31 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=qOAK9ZfmnV7b+8gwT6PwqWbZfjmxVj+ukaFOUwRE1StVZ+xZuIxWJd2HhYcwx6cjfKtUJJjEXwfmHVfcj/jiouwYI7FnYYl/s6c3e53MfSNopMeYGSUZc+1zZkkAEKWIH3t2yw6GGmN/Sfv19fB2iXE57nNuK1vMf/GyRcASZjE=
Received: by 10.36.23.10 with SMTP id 10mr1125748nzw;
	Sat, 15 Oct 2005 15:47:31 -0700 (PDT)
Received: by 10.36.153.6 with HTTP; Sat, 15 Oct 2005 15:47:31 -0700 (PDT)
Message-ID: <18f601940510151547ka3573f8v2f0633010ad2874f@mail.gmail.com>
Date: Sat, 15 Oct 2005 15:47:31 -0700
From: Aaron Glenn <aaron.glenn@gmail.com>
To: Francisco Reyes <lists@natserv.com>
In-Reply-To: <20051015133148.P97899@zoraida.natserv.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20051012234337.K63956@zoraida.natserv.net>
	<57416b300510142221r2c3da329o65d54cb0aa04fc73@mail.gmail.com>
	<20051015133148.P97899@zoraida.natserv.net>
Cc: FreeBSD ISP list <freebsd-isp@freebsd.org>
Subject: Re: Distributed authentication. Which one?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2005 22:47:32 -0000

On 10/15/05, Francisco Reyes <lists@natserv.com> wrote:
>
> So Kerberos would be more along the lines of users login in to the
> machines?

Exactly. The problem I've always had is, what happens when you can
reach the device, but the device can't reach any KDC (for whatever
reason)? How can one fall back on another authentication method while
maintaining consistant login credentials? Food for thought...

> > service, and NIS is a simple directory service introduced by Sun.
>
> Between LDAP and NIS which one would you consider to be:
> 1- More secure
> 2- Easier to maintain

I would say LDAP, but then I've never used NIS.

regards,
aaron.glenn