Date: Wed, 11 Sep 1996 12:49:31 +0000 () From: Peter Childs <pjchilds@imforei.apana.org.au> To: richard@thehub.com.au (Richard J Uren) Cc: freebsd-isp@freebsd.org Subject: Re: Recommendations on password management. Message-ID: <199609111249.MAA19915@al.imforei.apana.org.au> In-Reply-To: <Pine.BSF.3.91.960911074904.27168D-100000@smople.thehub.com.au> from Richard J Uren at "Sep 11, 96 07:52:33 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > Gday! Loved the cafe last time i was up in brizzy (hope i've got > > the right place) > > Thats us ;-) Neat.. now if i'd know you were a FreeBSD shop i'd have been really impressed :) > We only need something simplistic & we have to store passwords in > plaintext on the main server (some people use CHAP with PPP). Well you can rewrite the authentication part of ppp to use whatever you want... I've done it here with ijppp (we use it for our server side ppp) so that it uses the /etc/password file (via system calls) rather than /etc/ppp/ppp.secret... > > if you implement something too hacked up it may not scale too well, > > but if you use something too large then it may just not be the > > most cost/time/hastle effective way :) > > Thats the trade off alrighty. The section in the handbook on kerbos looks interesting. I don't know how it would work across a distributed system, but it might be worth looking into a bit closer. With just a few machines (like a main server, admin machine, dialup server) or like, you might want to investigate the "ssh" port (secure shell) that includes scp (secure copy)... you could then just only update the password files on the "admin" machine, and scp them out to all the nodes... Food for thought.. Regards, Peter -- Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609111249.MAA19915>