Re: Linux Authentication Architecture Question:

On Sep 15, 6:31 pm, hal-use...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Hal
Murray) wrote:
> In article <21bc80f1-87ea-4a90-a27c-a6c646c81...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
>
>  "shr...@xxxxxxxxxxxxxx" <shr...@xxxxxxxxxxxxxx> writes:
>
> > I am writing a UDP server daemon in perl, and I would like to back-end
> > its authentication into whatever the Linux box happens to be using for
> > user authentication at the moment.
> >
> > In consideration of PAM, LDAP, and the legacy password authentication
> > system, what is the most forward compatible, and installation tolerant
> > way of doing this?  I want to be able to distribute the daemon and
> > have it compile and work with various distros without a myriad of
> > grabastic dependencies.
> >
> > The data is not sensitive to snooping, but it does need to be
> > authenticated. So CHAP over UDP should be sufficient.  Is there a way
> > to pipe to "login" on the backend or something?
>
> That sounds like either a lot of work or bad security.
>
> If you don't want to send the password in the clear, you have
> to have some sort of encryption which probably requires something
> like a connection.

That is partially correct. CHAP uses hash algorithms and a shared
random value to authenticate. Passwords are never sent, and
consequently no encryption, shared or public key is required.

> Why do you want to use UDP?  Why not ssh or ssl/web?

SSH is WAY too heavy. The data is not security sensitive, so why should
I burn cycles encrypting it? Second, why should I support users who
hose up their SSH or httpd installations?

> These are my opinions, not necessarily my employer's.  I hate spam.
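
The challenge-response exchange discussed in this thread, as an added example that is not part of the original messages: a CHAP-style handshake with both sides' computations, single-use challenges and a constant-time comparison. HMAC-SHA-256 is swapped in for the MD5 construction of RFC 1994 CHAP, and the names `ChapServer`, `chap_response` and `SECRETS` and the sample secret are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data. The verifier has to hold the shared secret
# itself to recompute the response; a salted one-way password hash of
# the kind kept in /etc/shadow is not enough for this scheme.
SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(secret, ident, nonce):
    """Peer side: keyed hash over the identifier and the random challenge."""
    return hmac.new(secret, ident + nonce, hashlib.sha256).digest()


class ChapServer:
    """Authenticator side: issues challenges and verifies responses."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}  # (user, ident) -> challenge not yet answered

    def challenge(self, user):
        ident = os.urandom(1)    # identifier echoed back by the peer
        nonce = os.urandom(16)   # fresh random value for every attempt
        self.pending[(user, ident)] = nonce
        return ident, nonce

    def verify(self, user, ident, response):
        # pop() makes each challenge single-use, so a response captured
        # off the wire is rejected if it arrives in a later datagram.
        nonce = self.pending.pop((user, ident), None)
        secret = self.secrets.get(user)
        if nonce is None or secret is None:
            return False
        expected = chap_response(secret, ident, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    server = ChapServer(SECRETS)
    ident, nonce = server.challenge("alice")
    good = chap_response(SECRETS["alice"], ident, nonce)
    first = server.verify("alice", ident, good)    # legitimate peer
    replay = server.verify("alice", ident, good)   # same datagram again
    ident2, nonce2 = server.challenge("alice")
    bad = chap_response(b"guess", ident2, nonce2)  # wrong secret
    return first, replay, server.verify("alice", ident2, bad)
```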


