From owner-freebsd-isp Sun Apr 20 19:23:15 1997
Return-Path:
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id TAA07231
          for isp-outgoing; Sun, 20 Apr 1997 19:23:15 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA07209;
          Sun, 20 Apr 1997 19:23:03 -0700 (PDT)
Received: (from msmith@localhost)
          by genesis.atrad.adelaide.edu.au (8.8.5/8.7.3) id LAA06517;
          Mon, 21 Apr 1997 11:52:51 +0930 (CST)
From: Michael Smith
Message-Id: <199704210222.LAA06517@genesis.atrad.adelaide.edu.au>
Subject: Re: Need a common passwd file among machines
In-Reply-To: from Michael Dillon at "Apr 20, 97 09:14:15 am"
To: michael@memra.com (Michael Dillon)
Date: Mon, 21 Apr 1997 11:52:51 +0930 (CST)
Cc: freebsd-isp@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Michael Dillon stands accused of saying:
>
> RADIUS is used by terminal servers to authenticate users by "going to some
> server and asking him" and you can have a backup RADIUS server in case the
> primary one goes down. I think ISPs would find it easier to manage a site
> using RADIUS for all authentication, not just terminal servers.

Unfortunately, Livingston have put some anal restrictions on their
latest RADIUS server code.

> But more importantly, I think that systems need to have a hook in the
> authentication procedure so that the sysadmin can install their own
> allow/deny code so that certain servers can still authenticate via RADIUS
> but only certain users or only at certain times of day or only logins from
> the console or from certain IP addresses.

This is one of the goals of the PAM framework. I hope to have some
time next week to get myself back up to date with PAM and update my
BSD port of it. Once I have it building and linkable, it will be time
to start discussing how to integrate it. 8)

> In general, OSes with source are easy to fit into this kind of a scenario
> but other ones (Solaris, SCO, IRIX, NT) are not.

Solaris at least will be using PAM in 2.6 in a publicly visible
fashion; it does in 2.5 but not usefully. This allows you to provide
binary authentication/administration modules without requiring any
source hackery.

> Michael Dillon - Internet & ISP Consulting

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[
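
The allow/deny hook discussed in the message above, written as a PAM stack: an added example, not part of the original message and not taken from the BSD port it mentions. It assumes the Linux-PAM file layout and the stock pam_radius_auth, pam_access and pam_time modules; the group name, address range and hours are constructed.

```conf
# ---- /etc/pam.d/login -------------------------------------------------
# Password checking is delegated to RADIUS. pam_radius_auth reads its
# server list (primary first, then backups) from its own config file.
auth      required   pam_radius_auth.so

# Site policy runs in the account phase, i.e. only after RADIUS has
# accepted the password. Both modules must pass for the login to proceed.
account   required   pam_access.so
account   required   pam_time.so

# ---- /etc/security/access.conf ----------------------------------------
# Format: permission : users or (groups) : origins
# Rules are read top to bottom and the first match decides.
# root may log in only when there is no remote host (console/serial).
+ : root : LOCAL
# Members of the (constructed) group "staff" may come from one subnet.
+ : (staff) : 192.0.2.0/24
# Everything else is refused, even with a valid RADIUS password.
- : ALL : ALL

# ---- /etc/security/time.conf ------------------------------------------
# Format: services ; ttys ; users ; times
# For the "login" service on any tty, every user except root is
# admitted only on weekdays between 08:00 and 18:00.
login ; * ; !root ; Wk0800-1800
```

The policy applies only to services whose PAM stack includes the two account lines, so each service file that should be restricted needs them.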