From owner-freebsd-net  Thu Feb 25  9:34:59 1999
Delivered-To: freebsd-net@freebsd.org
Received: from coleridge.kublai.com (coleridge.kublai.com [207.96.1.116])
	by hub.freebsd.org (Postfix) with ESMTP id 9C29114C96
	for <freebsd-net@FreeBSD.ORG>; Thu, 25 Feb 1999 09:34:56 -0800 (PST)
	(envelope-from shmit@coleridge.kublai.com)
Received: (from shmit@localhost)
	by coleridge.kublai.com (8.9.2/8.9.1) id MAA17055;
	Thu, 25 Feb 1999 12:34:27 -0500 (EST)
Date: Thu, 25 Feb 1999 12:34:27 -0500
From: Brian Cully <shmit@kublai.com>
To: mike@seidata.com
Cc: GVB <gvbmail@tns.net>, freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions
Message-ID: <19990225123427.C10052@kublai.com>
Reply-To: shmit@kublai.com
Mail-Followup-To: mike@seidata.com, GVB <gvbmail@tns.net>,
	freebsd-net@FreeBSD.ORG
References: <19990223192031.C50175@kublai.com> <Pine.BSF.4.05.9902250233010.25461-100000@ns1.seidata.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1us
In-Reply-To: <Pine.BSF.4.05.9902250233010.25461-100000@ns1.seidata.com>; from mike@seidata.com on Thu, Feb 25, 1999 at 02:40:13AM -0500
X-Sender: If your mailer pays attention to this, it's broken.
X-PGP-Info: finger shmit@kublai.com for my public key.
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Feb 25, 1999 at 02:40:13AM -0500, mike@seidata.com wrote:
> On Tue, 23 Feb 1999, Brian Cully wrote:
> 
> > daemon to query directly against our provisioning system if the
> > user wasn't in the password file or if his password had been
> > invalidated.
> 
> Hacked...  your radiusd?

Well, since we have the source, it wasn't too difficult. :-)

> '...provisioning system'?  Is this to say that you, perhaps, have
> multiple systems, but they all end up being useless if the one,
> centralized provisioning system is down?

Not at all. The provisioning system pushes out new password databases
every four hours, and those databases are used in the majority of
the cases. However, we wanted instant provisioning as well, so when
we don't find an account in our local password database, we check
the provisioning system directly. This means that we only rarely
hit the network for account validation, and if the provisioning
system is down the only thing that fails is new account login.

-bjc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message