Firewall Wizards mailing list archives

Re: [Q] Unified authentication & authorisation for Unix, NT and Cisco routers?

From: "Rodney van den Oever" <roever () nse simac nl>
Date: Thu, 5 Nov 1998 22:41:49 +0100

* Single server for authentication (with option for a fallback server)
* Ability to control authorisation from this server, using simple "is this
user permitted or not"


You might want to take a look at Cisco's SecureACS for Windows NT or Shiva's Access Manager. Both offer about the same 
capabilities:

o RADIUS, Tacacs+
o It can proxy to your Windows NT Domain Controller
o Beware: you can't use CHAP if you want to use the proxy-functionality. But you might want to use keycards (OTP) for 
dialins anyway.
o Unix logins would have to use RADIUS or Tacacs+.
o Linux for example has a PAM-module to authenticate against NT:

ftp://samba.anu.edu.au/pub/samba/pam_ntdom
http://www.kernel.org/pub/linux/libs/pam/index.html

--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
'It's not who you kill. It's what type of cereal you eat out of their skull.' - Cal Jones

Current thread:

Re: [Q] Unified authentication & authorisation for Unix, NT and Cisco routers? Rodney van den Oever (Nov 07)