Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Jul 1998 14:21:44 -0600
From:      Wes Peters <wes@softweyr.com>
To:        chad@dcfinc.com
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Finger and getpwent
Message-ID:  <35B103D8.20C6DED4@softweyr.com>
References:  <199807172249.PAA03916@freebie.dcfinc.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Chad R. Larson and Wes Peters volleyed:

> > > The other band-aids grew up, in my opinion, as people who didn't have
> > > source to their systems tried to fix things up.  We FreeBSDers have the
> > > facilities to implement a global solution similar to the SysVr4 one.
> >
> > Hopefully without the horrible over-complexity of SAF and SAC, though.
> > When you have 'keys' that are so complex you have to write another
> > command just to generate the keys for you, something has gone horribly
> > wrong with your design.
> 
> I agree with that, which is why I used the term "model".  I wouldn't
> suggest a re-implementation of SAF, but fixing all the various current
> access means to route through a common point makes sense to me.

Agreed.  There is much to admire in the capabilities of SAF, once you
figure out how to make it work.  A facility with the power of SAF and a
configuration file that can be understood by mortals would be quite
an accomplishment, especially if it allows the pluggable authentication
modules discussed elsewhere on the FreeBSD lists months ago.

It would be really cool to develop an authentication module for FreeBSD
based on a Radius server, for instance, or an LDAP directory, and have
it work with EVERY FreeBSD service that requires authentication.  I guess
this was the goal of Kerberos, but it has not appeared quite so portably
over the years, nor has it been open to extension.

With the entire networking industry howling about "Directory-Enabled
Networks", and LDAP (or at least Radius) authentication system for FreeBSD
would be a real coup, and would save us from some of the ugliness of
YP/NIS.

Hmm... this sounds like a good topic for a "Daemon's Advocate" column,
doesn't it?

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35B103D8.20C6DED4>