[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SLUG] Religious Flamewar Required - authentication



Matthew Davidson wrote:
> 
> Hello,
> 
> As PCAN (http://www.cat.org.au/pcan) is finally leaving the vapourware
> stage, I'm starting to have to think about the practicalities of setting
> up a "digital access centre", and about doing things the Right Way(TM).
> 
> I'm reading up about NIS and LDAP, but does anybody have any practical
> experiences / irrational prejudices they'd like to share about the
> various distributed authentication options?  Some constraints are:
> 
> - support for multiple platforms (GNU/Linux, Windows, MacOS)
> - beer-free & speech-free

LDAP and SSL is the way to go.

Keep looking here:

http://www.securityfocus.com/

... there will be a HOWTO article appearing on setting up OpenLDAP on
Linux + TLS / SSL over the next few days.

NIS is insecure over any sort of network.  You don't want to use it.
Kerberos for storing passwords as suggested earlier is fine and dandy but
for full user information you need LDAP.  Also, I don't know that Kerberos
is greatly more secure than LDAP basic authentication over 128 bit SSL
with SSHA passwords, although you can go the combined route and use
LDAP with Kerberos passwords.

-- 
Del

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug