Enterprise wide authentication


I have a cust who has 15 Linux boxes, 3 NT boxes, soon a couple of SPARCs, and mixed POPs (typically Cisco AS-52, 5300).

We are currently authenticating via RADIUS for the POPs etc., and all is OK, BUT (here it comes).

A large number of clients need access to various servers in our farm, and maintaining separate passwd files on all of these servers is becoming a real pain. (and it's only going to get

Our back end accounting system is based on MS SQL and is about to be totally re-written. (MS SQL is NOT mandatory)

What I am looking for is the ability to authenticate ALL logins, whether thru POPs or Linux boxes, via RADIUS.

To date, initial PPP login is fine.

Telnet login requires access to the local passwd file as does FTP etc...

I have looked at Cistron and with its SQL hooks it looks pretty good and will do the job for initial authentication, but I need RADIUS to authenticate an authenticated user (does that make sense?) to permit access to a specific server.

Of course, auto-authentication to servers contained in the cust SQL record and then connection to that server via telnet etc. without having to re-enter username/password would be brilliant!

Security issues preclude the use of such nice things as NSF etc. All boxes would need to talk to the master RADIUS server that lives on the database LAN (behind two firewalls).

Having just joined the PAM list, the question is: will PAM permit me to do this? And if so, how?

If not, can anybody give me pointers?

Suggestions please.


