
Re: Pam and radius


> Central RADIUS server, it has a full password+shadow file. The passwd
> file can then be rdist (or whatever) to the client machines. Have client
> programs, login, pop3d, ftpd, etc check (via PAM through RADIUS) to the
> central server.

Part of the reason I don't want to do this is the distribution
mechanism's security (or lack of it). I haven't used rdist but if it's
based on the other r-protocols (rlogin, rexec, etc) forget it... anyway, if
I have a 2500-user passwd file, I don't want to regenerate and transfer it
every time someone makes a change on the server.

I'd also like to not have the /etc/passwd file available at ALL, except
perhaps for specific local logins such as 'root' etc. Giving a list of our
users out is not something I consider to be a Good Thing, and we have
multiple servers with different user populations but non-unique UIDs which
I'd like to have central control over. (Long story there!)

I don't think PAM cuts it as far as my requirements go (and I was so
excited when I first found out about it!)... but I intend to look at this
pwdb stuff, which, if it's abstract enough, I might be able to convert to look
up the database directly.

