Single point logon
lou.kamenov at aeye.net
Thu Aug 8 12:44:34 BST 2002
On Thu, Aug 08, 2002 at 12:16:56PM +0100, Ian Morrison wrote:
> (great meeting last night btw..)
> I was wondering if anyone here has some kind of single point logon
> system working; crazy phrase, but essentially some way of centrally
> managing access to any of the machines on a network. As I understand it,
> NIS/YP offers this functionality, but I'd rather not run all that RPC
This is a good thread; however, can security exist in this environment, I mean if you're going to do it on the WAN side? Otherwise I don't see a problem running NIS/YP in a DMZ network with trusted users; however, like most things, this one has two sides, bad/good.
Even on WAN it's not that hard, using a DMZ firewall which will accept only %these clients to connect to your DMZ NIS/YP controlled network, using various ways, let's say VPNs over a security layer like IPsec, and FreeBSD has really good support for it.
Also for Windows clients, running MPPE encryption with the VPN, using a PDC to control all of them, and so on..
> I've heard people do this in various ways; ssh keys propagated via LDAP
> or CFEngine are two that spring to mind, squid perhaps another.. Has
Yeah that's true, LDAP is quite good for keeping user settings and other bullshit like passwords/usernames; also it has a really good read speed, faster than most of the DBs, that's why *maybe* MS implemented this thing in most of their services, let's say like Exchange, keeping thousands of users' settings/personal information stored in it...
> anyone got anything like this working on FreeBSD? In a heterogenous
> environment (mac/pc/unix)? Would be great to find out what people think
> in any event..
A good firewall can help you a lot, not only a firewall..
Although we know about all these RPC vulns, IMHO a good plan/infrastructure can solve/fill most of the problems/gaps.
Yeah, but new software of this kind would bring a change..
I'm quite keen on starting a GPL product that will cover all this..
br, Lou Kamenov
[ Network Infrastructure/Security Analyst ]
[ c/o AEYE Ltd, London, UK ] [AEYE R&D - http://www.aeye.net ]
[ AEYE Commercial - http://www.aeye-web.com ]
[ phone: +44 (0) 20 89469546 ] [ fax: +44 (0) 7092 129079 ]
[ mobile: +44 (0) 7905 514036 ] [ AEYE is Artificial Intelligence ]
> Stay Frosty,
> :: darq.net /#/ :: to start press any key | where's the
> ------ FreeBSD UK Users' Group - Mailing List ------