From owner-freebsd-isp Thu Jan 27 16:15:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 94F2B15853 for ; Thu, 27 Jan 2000 16:15:09 -0800 (PST) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id 5AD0DB506; Thu, 27 Jan 2000 19:15:08 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id 465A1B502 for ; Thu, 27 Jan 2000 19:15:08 -0500 (EST) Date: Thu, 27 Jan 2000 19:15:08 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: freebsd-isp@freebsd.org Subject: Centralized auth shell/pop/dial Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I know this is something of a recurring question on this list, but here it comes again, the one that all ISPs that reach a certain size they realize they must come here and ask... What options exist to scale user management beyond a few boxes? I never touched NIS, but it seems interesting. However, I refuse to run any rpc-based service unless I really need to. We currently have users spread out over a number of boxes; ftp/shell/www, pop/radius, pop for dedicated line users. It's getting to be a mess, I want to control/create these accounts on one machine. If someone like Matt (from BEST) could chime in on what their scheme was as they grew to multiple shell/pop servers, I'd love to hear it. I'm open to stashing all the auth info in a database, one big password file, anything. I'm also comfortable ssh-ing files around from box to box... What is the status of things that could make NIS more secure like IPSec? Where's LDAP going? Any news about 4.0 that could make distributed auth. easier? Thanks, Charles --- Charles Sprickman spork@super-g.com --- "...there's no idea that's so good you can't ruin it with a few well-placed idiots." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message