Re: unified authentication

From: Jesse Guardiani (jesse_at_wingnet.net)
Date: 09/24/03

    To: freebsd-security@freebsd.org
    Date: Wed, 24 Sep 2003 17:25:59 -0400

    Tillman Hodgson wrote:

    > On Wed, Sep 24, 2003 at 03:55:30PM -0400, Jesse Guardiani wrote:
    >> Well, I'm currently trying to decide between these then:
    >>
    >> Kerberos
    >> RADIUS
    >> LDAP (OpenLDAP only. I don't have a proprietary LDAP solution.)
    >> TACACS
    >> pam_smb, possibly.
    >
    > These aren't necessarily mutually exclusive.
    >
    >> I'm ruling out NIS/NIS+ because:
    >> --------------------------------
    >> 1.) I'd like something with decent cryptography built in. That's why I
    >> conceptually like Kerberos.
    >> 2.) AFAIK, no Cisco support.
    >
    > NIS (for authorization info) with Kerberos 5 (for authentication)

    What's the difference between authorization and authentication?
    I thought Kerberos handled authorization by itself.

    > provides decent cryptography and wide platform support. Cisco supports
    > Kerberos.

    Although not very solidly according to other posts on this topic.

    >> Once I get authentication working, how do I handle
    >> the creation of home directories and basic user
    >> files across multiple machines?
    >>
    >> Do I need to start running NFS, or is there a more
    >> elegant solution?
    >
    > OpenAFS, very elegant solution.

    Could you explain why OpenAFS is a more elegant solution than
    NFS?

    -- 
    Jesse Guardiani, Systems Administrator
    WingNET Internet Services,
    P.O. Box 2605 // Cleveland, TN 37320-2605
    423-559-LINK (v)  423-559-5145 (f)
    http://www.wingnet.net