From owner-freebsd-hackers Wed Jan 24 21:00:53 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id VAA00512 for hackers-outgoing; Wed, 24 Jan 1996 21:00:53 -0800 (PST) Received: from freebsd.netcom.com (freebsd.netcom.com [198.211.79.3]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA00503 for ; Wed, 24 Jan 1996 21:00:50 -0800 (PST) Received: by freebsd.netcom.com (8.6.12/SMI-4.1) id XAA04147; Wed, 24 Jan 1996 23:04:21 -0600 From: bugs@freebsd.netcom.com (Mark Hittinger) Message-Id: <199601250504.XAA04147@freebsd.netcom.com> Subject: Re: annex vs. portmaster to server freebsd (fwd) To: hackers@freebsd.org Date: Wed, 24 Jan 1996 23:04:21 -0600 (CST) X-Mailer: ELM [version 2.4 PL25] Content-Type: text Sender: owner-hackers@freebsd.org Precedence: bulk > >We're going to purchase a terminal server (either annex III or > >portmaster 2-e) to serve a FreeBSD box. Any preferences between > >the xylogics and livingston line ? > We have both Annex's and Portmaster's here at MSU, and I can say from personal > experience, that the Portmasters dont hold a candle to the Annex in terms of > flexibility, and useability. The Annex authentication server works under > freebsd with a little modification, and works quite well. It also exports all > sorts of control to the unix host regarding the authentication process. I have to second the vote for annex here. I used both annex and portmaster also. One of the things that I found the most usefull on the annex was the ability to intercept the authentication right after the username was entered. This lets you direct the annex to rlogin to a particular box and to have that box ask for a password. The portmaster must authenticate the username/password and then perform an rlogin. If you do not want a second password prompt you must put the portmaster in your /etc/hosts.equiv - ugh! Being able to grab things right after each prompt is a very nifty feature that is not part of the radius model. On the other hand Annex'es protocol filter is an unbundled product, whereas the portmaster's protocol filtering is bundled with the box. The main thing here is to study your application and see if the portmaster authentication model will really work for you. If it will then you just have a price issue to decide! Unfortunately for me, once we had the portmasters in house (at my prior job - not netcom :-) ), I found that the authentication model really didn't fit in very well with what we were doing. Performance of both boxes is excellent and I encourage all who are going to have a lot of serial lines to look at this kind of technique instead of putting the serial interrupt load on your freebsd boxes. Regards, Mark Hittinger Netcom/Dallas bugs@freebsd.netcom.com