[Q] Unified authentication & authorisation for Unix, NT and Cisco routers?

Rodney van den Oever roever@nse.simac.nl
Thu, 5 Nov 1998 22:41:49 +0100


>* Single server for authentication (with option for a fallback server)
>* Ability to control authorisation from this server, using simple "is this
>user permitted or not"

You might want to take a look at Cisco's SecureACS for Windows NT or Shiva's Access Manager. Both offer about the same capabilities:

o RADIUS, Tacacs+
o It can proxy to your Windows NT Domain Controller
o Beware: you can't use CHAP if you want to use the proxy-functionality. But you might want to use keycards (OTP) for dialins anyway.
o Unix logins would have to use RADIUS or Tacacs+.
o Linux for example has a PAM-module to authenticate against NT:

ftp://samba.anu.edu.au/pub/samba/pam_ntdom
http://www.kernel.org/pub/linux/libs/pam/index.html

--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
'It's not who you kill. It's what type of cereal you eat out of their skull.' - Cal Jones