Re: Linux Authentication Architecture Question:



On Sep 15, 6:31 pm, hal-use...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Hal Murray) wrote:
In article <21bc80f1-87ea-4a90-a27c-a6c646c81...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, "shr...@xxxxxxxxxxxxxx" <shr...@xxxxxxxxxxxxxx> writes:
Howdy,

I am writing a UDP server daemon in perl, and I would like to back-end
its authentication into whatever the Linux box happens to be using for
user authentication at the moment.

In consideration of PAM, LDAP, and the legacy password authentication
system, what is the most forward compatible, and installation tolerant
way of doing this?  I want to be able to distribute the daemon and
have it compile and work with various distros without a myriad of
grabastic dependencies.

The data is not sensitive to snooping, but it does need to be
authenticated. So CHAP over UDP should be sufficient.  Is there a way
to pipe to "login" on the backend or something?

That sounds like either a lot of work or bad security.

If you don't want to send the password in the clear, you have
to have some sort of encryption which probably requires something
like a connection.


That is partially correct. CHAP uses hash algorithms and a shared
random value to authenticate. Passwords are never sent, and
consequently no encryption, shared or public key is required.


Why do you want to use UDP?  Why not ssh or ssl/web?


SSH is WAY too heavy. The data is not security sensitive, so why should
I burn cycles encrypting it? Second, why should I support users who
hose up their SSH or httpd installations?

--
These are my opinions, not necessarily my employer's.  I hate spam.
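
The challenge-response exchange described in the reply above, as an added example that is not part of the original thread: a Python sketch of the RFC 1994 CHAP computation (MD5 over identifier, secret and challenge) with single-use, expiring challenges, which a datagram transport needs so a captured response cannot be replayed. The class and function names, the 30-second lifetime and the sample secret are assumptions. The verifier has to hold the shared secret itself in order to recompute the hash.

```python
import hashlib
import hmac
import os
import time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapVerifier:
    """Server side. `secrets` maps user -> shared secret (constructed data)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}    # (user, ident) -> (challenge, expiry time)
        self.next_ident = 0  # one-octet identifier, wraps at 256

    def issue_challenge(self, user: str, now: float = None):
        now = time.time() if now is None else now
        ident = self.next_ident
        self.next_ident = (ident + 1) % 256
        challenge = os.urandom(16)  # fresh random value for every attempt
        self.pending[(user, ident)] = (challenge, now + CHALLENGE_TTL)
        return ident, challenge

    def verify(self, user: str, ident: int, response: bytes,
               now: float = None) -> bool:
        now = time.time() if now is None else now
        # pop() makes each challenge single-use: a replayed datagram
        # finds no pending entry and is rejected.
        entry = self.pending.pop((user, ident), None)
        secret = self.secrets.get(user)
        if entry is None or secret is None:
            return False
        challenge, expiry = entry
        if now > expiry:
            return False
        expected = chap_response(ident, secret, challenge)
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(expected, response)
```

Only the identifier, the challenge and the 16-byte digest cross the wire; the secret stays on each end.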
