[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Authorization



>>>>> "Frank" == Frank Cusack <fcusack@iconnet.net> writes:

    Frank> But as for being able to login, Cisco actually has this
    Frank> part right.  Kerberos provides authentication, not
    Frank> authorization. Once a principal's identity is verified, to
    Frank> restrict logins you need to use tacacs+/xtacacs/radius for
    Frank> authorization. Unfortunately, the 'secret' for those
    Frank> protocols is directly visible in the UI.

I am interested in Authorization... So far I have seen SESAME and DCE
- both are non-free solutions.

What are tacacs+/xtacacs/radius? Ares these any good as authorization
protocols? Are they free solutions? Can anyone provide my with URLs?

Also, what is wrong/insufficient with authorization directly based on
the principle's identity? (I assume programs supplied with Heimdal fall
under this category?) I have heard people so this before, but am still
confused. How do proper authorization protocols do authorization in a
better way?

Thanks in advance.
-- 
Brian May <bmay@csse.monash.edu.au>