Firewall Wizards mailing list archives
[Q] Unified authentication & authorisation for Unix, NT and Cisco routers?
From: Ian Jones <ijones () netstore net>
Date: Tue, 20 Oct 1998 14:57:54 +0100
Greetings all,

I'm trying to achieve a unified authentication for the Unix & NT servers, and Cisco routers at my site. I would also ideally like to link this with an authorisation scheme, with the ideal outcomes:

* Single server for authentication (with option for a fallback server)
* Ability to control authorisation from this server, using simple "is this user permitted or not"

The authentication server would run on Unix or NT, with a preference for Unix. The router and I've done this sort of thing before with Unix and the Cisco routers using old XTACACS, but NT is relatively new to me. The server could be commercial, though I have a preference for being able to look at the source!

I'm having trouble finding information about NT, and some of the client authentication parts for Unix, and would really appreciate some help.

It seems there are three obvious candidates for the authentication protocol: Radius, Tacacs+ & Kerberos

Here's what I can see so far:

Radius
======
Cisco: Supports Radius
Unix: Public domain and commercial products which support Radius available. Can I authenticate incoming telnet/POP sessions?
NT: Commercial products and (I believe) some freeware packages, like Merit Radius supported.

TACACS+
=======
Against: Proprietary to Cisco.
Cisco: Supports Kerberos
Unix: Public domain and commercial products support TACACS+ authentication, but can I authenticate telnet/pop sessions to the server?
NT: Unknown, though I believe there are commercial servers like CiscoSecure which run on NT that support TAC+ authentication.

Kerberos
========
Cisco: Supports Kerberos
Unix: Supports Kerberos
NT: No native support in NT4, though this is coming some time next year in NT 5.

---

[Q] Any other alternatives I should be looking at?
[Q] Which of the protocols work best, or have the best future?
[Q] If the server runs on Unix, can I authenticate an NT user logon?
[Q] If the server runs on NT, can I authenticate a Unix logon?

Many thanks in advance,

Ian Jones

Ian Jones
Director of professional services, Netstore Group
Tel: +44 1344 644 013
Fax: +44 171 681 1238
E-mail: ian () netstore net
http://www.netstore.net