[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius



On Thu, 27 Feb 1997, Daniel wrote:

> On Thu, 27 Feb 1997, Andrew G. Morgan wrote:
> 
> > Mark Lillywhite wrote:
> > > I can't work out where the user ID and group ID(s) are supposed to be set
> > > by PAM. In fact, from reading the pam_unix*.c and login.c code it seems to
> > > me that it's still the application's responsability to determine a numeric
> > > UID and GID(s)... which seems quite strange to me. Is there a standard way
> 
> Time to ask some questions.. I too have been thinking about a way to do
> central authentication, here is my idea (might come out in raw mode):
> 
> Central RADIUS server, it has a full password+shadow file. The passwd
> file can then be rdist (or whatever) to the client machines. Have client
> programs, login, pop3d, ftpd, etc check (via PAM through RADIUS) to the
> central server.
> 
> Thus, PAM is not doing and gid or uid lookups, because it's getting that
> from the local /etc/passwd file. The client machines can either have the
> full passwd file, or just a small one that has people you want on that
> machine. 
> 
> The central RADIUS server would not have any type of telnet or rlogin
> access for security reasons, so no-one could even SEE your shadow file. 
> 
> I might have missed something, and think of it later =)
> 
> But from my understanding, this would be a psuedo-NIS. 
> 
> Any thoughts?

This is exactly what I would love to see. RADIUS works for our Terminal
Servers and authenticates off of an (Don't laugh.. I couldn't get the
author to write a UNIX version of it..) NT server running RADIUS-NT. This
is tied into a Dial-Up management tool called "Emerald" that allows us to
easily manage our entire billing / account creation / tech support 
call tracking / call scripting process with a single program. The
centralized Database ROCKS and has cut billing down to a 20 minute process
instead of a couple of days of agony.

I would LOVE to see the implementation of a centralized RADIUS server w/
Linux authenticating it's logins via that..


--
      President of New Age Consulting Service, Inc.  Cleveland Ohio
             SLIP/PPP/Unix Shell   28.8k / ISDN / Leased Line
           http://www.nacs.net   info@nacs.net   (216)-524-8414



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []