Re: pam and other authentication methods
On Sun 28-09-2003, at 00:45, David Z Maze wrote:
<snip>
> I think both Kerberos and RADIUS are "single sign-on" protocols: when
> you log on you get some sort of authentication token, which you can
> use to talk to other services without typing a password. I know much
> more about Kerberos, so I'll talk about that. I think it should be
> possible using only what's included in Debian to assemble
> infrastructure that gets Kerberos tickets on login (via PAM), and then
> you have mail services (Kerberos/SASL IMAP), a filesystem (OpenAFS),
> and passwordless ssh (ssh-krb5). User passwords are only stored one
> place (the Kerberos KDC), and once they've logged in they never need
> to type their password again.
>
> Even given this, you still need some way of distributing the (public)
> information in /etc/passwd. I think LDAP is good for this.
>
> --
> David Maze dmaze@debian.org http://people.debian.org/~dmaze/
> "Theoretical politics is interesting. Politicking should be illegal."
> -- Abra Mitchell
>
This sounds like a much more integrated system and easier to maintain. I
cannot see a sysadmin juggle with all those user passwords for different
programs. Do production type servers use Kerberos or RADIUS more than
PAM?
Benedict