Date: Tue, 9 Apr 2002 09:41:58 -0500 From: "Jacques A. Vidrine" <nectar@freebsd.org> To: Benjamin Krueger <benjamin@macguire.net> Cc: klik <klik@unstable.org>, "Douglas K. Rand" <rand@meridian-enviro.com>, freebsd-security@freebsd.org Subject: Re: Centralized authentication Message-ID: <20020409144158.GX19961@madman.nectar.cc> In-Reply-To: <20020406220150.C2867@rain.macguire.net> References: <874riov1et.wl@delta.meridian-enviro.com> <002401c1ddf7$557e84a0$13ed7ad1@unstable.org> <20020406220150.C2867@rain.macguire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Apr 06, 2002 at 10:01:50PM -0800, Benjamin Krueger wrote: > > ----- Original Message ----- > > From: "Douglas K. Rand" <rand@meridian-enviro.com> > > To: <freebsd-security@freebsd.org> > > Sent: Saturday, April 06, 2002 6:43 PM > > Subject: Centralized authentication > > > > > > > We have a few dozen FreeBSD workstaions and servers and as their > > > numbers increase managing users and groups via indvidual /etc/passwd > > > and /etc/group files is getting more and more tiresome. We also have > > > just a few Linux boxes. > > > > > > We aren't a huge site, everybody is in one building on the same > > > network. > > > > > > I was wondering what other sites are using to solve this problem. > > I'd highly suggest the oft-little understood but incredibly deserving > Kerberos. I truly believe that if it were better documented and understood by > the masses of administrators out there, it would blow away current network > authentication systems. Yes, Kerberos does `blow away' many authentication systems. However, the poster's subject --- ``Centralized authentication'' --- doesn't really describe what he needs. In addition to authentication, he needs authorization and directory services, which Kerberos does not provide. i.e. there is no Kerberos mechanism with which to distribute the contents of /etc/passwd and /etc/group. > Heck, Microsoft used it to totally revitalize their > network authentication scheme to enormous benefit. Sadly, they then broke it > for anyone who isn't them. That's not really an accurate assessment of the situation. Cheers, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409144158.GX19961>