[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius




On Sat, 1 Mar 1997, Cristian Gafton wrote:

> 
> mail/ftp is okay. I wouldn't rely on RADIUS to provide shell access, but
> for an ISP it just does the work. And can be implemented and maintained
> without worry about ITAR.
> 
> 
Actually IIt wouldn't be too bad if you look at it as a 'password
distibution' system. If each system has it's own secret key, which must be
readable by only root, that system is hosed anyway (root should never be
distributed via the network anyway, or what happens if radius goes down).
If you use OTP's (one time passwords), then it is a moot point, unles you
steal the key, and craft a spoofed packet...

jf






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []