Date: Tue, 9 Apr 2002 11:16:28 -0500
From: "Jacques A. Vidrine" <nectar@freebsd.org>
To: Bruce M Simpson <bms@spc.org>
Cc: "Douglas K. Rand" <rand@meridian-enviro.com>, freebsd-security@freebsd.org
Subject: Re: Centralized authentication
Message-ID: <20020409161628.GK19961@madman.nectar.cc>
In-Reply-To: <20020409153029.B10593@spc.org>
References: <874riov1et.wl@delta.meridian-enviro.com> <20020409153029.B10593@spc.org>

On Tue, Apr 09, 2002 at 03:30:29PM +0000, Bruce M Simpson wrote:
> What pam_ldap will give you is a means of securely
> verifying a user's password,

s/securely/insecurely/ unless you are using SSL to protect your LDAP
connection, and you are verifying certificates.  In which case your
response time is probably not very nice.

However, the suggested approach can be modified in a useful fashion:
use NIS+ for group, passwd files.  Disable passwords in NIS+ (e.g. use
`*' in the password field).  Use Kerberos for authentication.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME      .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org   .          nectar@kth.se
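
The two conditions named in the reply above (SSL on the LDAP connection, and certificate verification) can be checked mechanically. The script below is an added example, not part of the original message; it assumes the directive names of PADL pam_ldap's ldap.conf (uri, ssl, tls_checkpeer, tls_cacertfile, tls_cacertdir) and treats an unset tls_checkpeer or a missing CA setting as a failure.

```shell
#!/bin/sh
# Added example: audit a pam_ldap-style ldap.conf for the two conditions in
# the message above: SSL/TLS on the LDAP connection, and certificate checks.
# Assumption: directive names follow PADL pam_ldap's ldap.conf.

# Print the last value given for directive $1 (lowercase) in file $2.
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == key { val = $2 }
        END { print val }
    ' "$2" | tr 'A-Z' 'a-z'
}

# Print one finding per line; return 0 only when both conditions hold.
audit_ldap_conf() {
    conf=$1; rc=0
    uri=$(conf_get uri "$conf")
    ssl=$(conf_get ssl "$conf")
    check=$(conf_get tls_checkpeer "$conf")
    ca=$(conf_get tls_cacertfile "$conf")$(conf_get tls_cacertdir "$conf")

    # Transport is protected by an ldaps:// URI, "ssl on" or "ssl start_tls".
    tls=no
    case "$uri" in ldaps://*) tls=yes ;; esac
    case "$ssl" in on|yes|true|start_tls) tls=yes ;; esac
    if [ "$tls" = no ]; then
        echo "FAIL: LDAP connection is not protected by SSL/TLS"; rc=1
    fi

    # Assumption: an unset tls_checkpeer is treated as "not verifying".
    case "$check" in
        yes|on|true) ;;
        *) echo "FAIL: server certificate is not verified (tls_checkpeer)"; rc=1 ;;
    esac
    # Assumption: a CA file or directory must be named in this file.
    if [ -z "$ca" ]; then
        echo "FAIL: no CA certificate configured (tls_cacertfile/tls_cacertdir)"; rc=1
    fi
    return $rc
}

# Constructed sample: plaintext LDAP with no certificate settings.
sample=$(mktemp)
printf 'uri ldap://ldap.example.org\nbase dc=example,dc=org\n' > "$sample"
audit_ldap_conf "$sample" || echo "=> configuration rejected"
rm -f "$sample"
```

Only the first value on a `uri` line is inspected, so a file listing several servers should be reviewed by hand.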