Date: Wed, 8 Jul 1998 23:57:25 +0000 (GMT) From: Adam David <adam@veda.is> To: freebsd-isp@FreeBSD.ORG Subject: central authentication database? Message-ID: <199807082357.XAA23388@veda.is>
next in thread | raw e-mail | index | archive | help
What tools/packages would be best to integrate in order to facilitate
implementation of the following scenario?
A server host/cluster provides service for multiple domains.
A single authentication server program (with optional fallback servers on
other hosts) does sitewide user authentication for a variety of purposes:
1. POP
2. Shell login to specified hosts
3. FTP to specified hosts
4. PAP/CHAP
5. ...
(extensible). The user specifies his username@domain and his password,
and the service type is implied by the connection/authentication being
attempted, i.e. this is a central authentication database that contains
{domain, {username, password_value, <access record>}} entries. If passwords
are to be shared between various services, the service names can be listed
in a single access record. If each service is to have a unique password,
they can be specified in multiple user records.
Integration with RADIUS (which is designed to only deal with one service per
username@domain scenarios).
Automatic generation of mailing lists from the database, for instance:
"allusers@domain1"
"allusers@domain2"
"allusers@alldomains"
"allshellusers"
"allpppusers"
(etc)... obviously these are not actual names of the lists.
Anything else worthy of mention.
Radius looks like it's mostly there, but there are various other parts need
fitting together to make this work. Has anyone already worked this one out
so I can forget about reinventing the wheel? Where does the good information
about this subject reside?
--
Adam David <adam@veda.is>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807082357.XAA23388>