From owner-freebsd-isp Wed Jul 8 16:57:45 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA19474 for freebsd-isp-outgoing; Wed, 8 Jul 1998 16:57:45 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from veda.is (veda.is [193.4.230.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA19403 for ; Wed, 8 Jul 1998 16:57:34 -0700 (PDT) (envelope-from adam@veda.is)
Received: (from adam@localhost) by veda.is (8.9.0/8.9.0) id XAA23388 for freebsd-isp@freebsd.org; Wed, 8 Jul 1998 23:57:26 GMT
From: Adam David
Message-Id: <199807082357.XAA23388@veda.is>
Subject: central authentication database?
To: freebsd-isp@FreeBSD.ORG
Date: Wed, 8 Jul 1998 23:57:25 +0000 (GMT)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What tools/packages would be best to integrate in order to facilitate
implementation of the following scenario?

A server host/cluster provides service for multiple domains.

A single authentication server program (with optional fallback servers on
other hosts) does sitewide user authentication for a variety of purposes:

1. POP
2. Shell login to specified hosts
3. FTP to specified hosts
4. PAP/CHAP
5. ... (extensible).

The user specifies his username@domain and his password, and the service
type is implied by the connection/authentication being attempted, i.e. this
is a central authentication database that contains
{domain, {username, password_value, }} entries.

If passwords are to be shared between various services, the service names
can be listed in a single access record. If each service is to have a unique
password, they can be specified in multiple user records.

Integration with RADIUS (which is designed to only deal with one service per
username@domain scenarios).

Automatic generation of mailing lists from the database, for instance:

    "allusers@domain1"
    "allusers@domain2"
    "allusers@alldomains"
    "allshellusers"
    "allpppusers"
    (etc)... obviously these are not actual names of the lists.

Anything else worthy of mention.

Radius looks like it's mostly there, but there are various other parts that
need fitting together to make this work. Has anyone already worked this one
out so I can forget about reinventing the wheel? Where does the good
information about this subject reside?

--
Adam David

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
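
The record model described in the message above, sketched as an added example (not code from the post or from any existing package). The function names, service labels, domains and passwords are all constructed for illustration, and storing salted PBKDF2 hashes instead of raw password values is an assumption of this sketch; PAP/CHAP is left out because CHAP needs a recoverable secret.

```python
import hashlib
import hmac
import os

# Constructed sample store: {domain: {username: [access records]}}.
# Each record has its own salt and hash plus the set of services it covers.
DB = {}

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_record(domain, username, password, services):
    salt = os.urandom(16)
    record = {"salt": salt, "hash": _derive(password, salt),
              "services": frozenset(services)}
    DB.setdefault(domain.lower(), {}).setdefault(username, []).append(record)

def authenticate(login, password, service):
    """service is set by the listener (POP daemon, ftpd, ...), never by the user."""
    username, sep, domain = login.rpartition("@")
    if not sep or not username:
        return False  # a bare username is ambiguous across domains
    records = DB.get(domain.lower(), {}).get(username, [])
    ok = False
    for rec in records:
        # Check every record; a password only counts for the services it lists.
        match = hmac.compare_digest(_derive(password, rec["salt"]), rec["hash"])
        ok |= match and service in rec["services"]
    if not records:
        _derive(password, b"\x00" * 16)  # unknown accounts still cost one derivation
    return ok

def list_members(domain=None, service=None):
    """Addresses for generated lists: all users of a domain and/or of a service."""
    return sorted({f"{u}@{d}" for d, users in DB.items() for u, recs in users.items()
                   if domain in (None, d)
                   and (service is None or any(service in r["services"] for r in recs))})

# Shared password: a single access record listing several services.
add_record("domain1.example", "alice", "pw-shared", {"pop", "ftp"})
# Unique passwords: multiple records for the same user, one per service.
add_record("domain1.example", "bob", "pw-pop", {"pop"})
add_record("domain1.example", "bob", "pw-shell", {"shell"})
# The same username in another domain is a separate account.
add_record("domain2.example", "alice", "pw-other", {"pop"})
```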