From owner-freebsd-isp Thu Jan 27 23: 4:19 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.island.net.au (mail.island.net.au [203.28.142.3]) by hub.freebsd.org (Postfix) with ESMTP id DD80014DDD for ; Thu, 27 Jan 2000 23:04:15 -0800 (PST) (envelope-from hugh@island.net.au) Received: from solo (solo.island.net.au [203.28.142.5]) by mail.island.net.au (8.8.5/8.8.5) with SMTP id SAA27610; Fri, 28 Jan 2000 18:04:09 +1100 (EST) Message-ID: <002701bf695d$4e9dc260$088ea8c0@island.net.au> From: "Hugh Blandford" To: "spork" Cc: References: Subject: Re: Centralized auth shell/pop/dial Date: Fri, 28 Jan 2000 18:00:05 +1100 Organization: Island Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Charles, there was some suggestion that you could integrate NIS and Kerberos but I haven't been able to find any info on anyone who has done it. I would love to hear from people who have done this, especially if they got in running on sub-T1 WANs. Regards, Hugh ----- Original Message ----- From: spork To: Sent: Friday, January 28, 2000 11:15 AM Subject: Centralized auth shell/pop/dial > Hello, > > I know this is something of a recurring question on this list, but here it > comes again, the one that all ISPs that reach a certain size they realize > they must come here and ask... > > What options exist to scale user management beyond a few boxes? I never > touched NIS, but it seems interesting. However, I refuse to run any > rpc-based service unless I really need to. We currently have users spread > out over a number of boxes; ftp/shell/www, pop/radius, pop for dedicated > line users. It's getting to be a mess, I want to control/create these > accounts on one machine. > > If someone like Matt (from BEST) could chime in on what their scheme was > as they grew to multiple shell/pop servers, I'd love to hear it. > > I'm open to stashing all the auth info in a database, one big password > file, anything. I'm also comfortable ssh-ing files around from box to > box... > > What is the status of things that could make NIS more secure like IPSec? > Where's LDAP going? Any news about 4.0 that could make distributed auth. > easier? > > Thanks, > > Charles > > --- > Charles Sprickman > spork@super-g.com > --- > "...there's no idea that's so good you can't > ruin it with a few well-placed idiots." > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message