Firewall Wizards mailing list archives

[Q] Unified authentication & authorisation for Unix, NT and Cisco routers?


From: Ian Jones <ijones () netstore net>
Date: Tue, 20 Oct 1998 14:57:54 +0100


Greetings all,

I'm trying to achieve a unified authentication for the Unix & NT servers,
and Cisco routers at my site. I would also ideally like to link this with
an authorisation scheme, with the ideal outcomes:

* Single server for authentication (with option for a fallback server)
* Ability to control authorisation from this server, using simple "is this
user permitted or not"

The authentication server would run on Unix or NT, with a preference for
Unix. The router and I've done this sort of thing before with Unix and the
Cisco routers using old XTACACS, but NT is relatively new to me. The server
could be commercial, though I have a preference for being able to look at
the source!

I'm having trouble finding information about NT, and some of the client
authentication parts for Unix, and would really appreciate some help.

It seems there are three obvious candidates for the authentication protocol:

    Radius, Tacacs+ & Kerberos

Here's what I can see so far:

Radius
======

Cisco: Supports Radius
Unix: Public domain and commercial products which support Radius available.
Can I authenticate incoming telnet/POP sessions?
NT: Commercial products and (I believe) some freeware packages, like Merit
Radius supported.

TACACS+
=======

Against: Proprietary to Cisco.

Cisco: Supports Kerberos
Unix: Public domain and commercial products support TACACS+ authentication,
but can I authenticate telnet/POP sessions to the server?
NT: Unknown, though I believe there are commercial servers like CiscoSecure
which run on NT that support TAC+ authentication.

Kerberos
========

Cisco: Supports Kerberos
Unix: Supports Kerberos
NT: No native support in NT4, though this is coming some time next year in
NT 5.

---

[Q] Any other alternatives I should be looking at?

[Q] Which of the protocols work best, or have the best future?

[Q] If the server runs on Unix, can I authenticate an NT user logon?

[Q] If the server runs on NT, can I authenticate a Unix logon?

Many thanks in advance,

Ian Jones

Ian Jones
Director of professional services, Netstore Group
Tel:    +44 1344 644 013
Fax:    +44 171 681 1238
E-mail: ian () netstore net



http://www.netstore.net



