[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
>>>>> "Frank" == Frank Cusack <email@example.com> writes:
Frank> But as for being able to login, Cisco actually has this
Frank> part right. Kerberos provides authentication, not
Frank> authorization. Once a principal's identity is verified, to
Frank> restrict logins you need to use tacacs+/xtacacs/radius for
Frank> authorization. Unfortunately, the 'secret' for those
Frank> protocols is directly visible in the UI.
I am interested in Authorization... So far I have seen SESAME and DCE
- both are non-free solutions.
What are tacacs+/xtacacs/radius? Ares these any good as authorization
protocols? Are they free solutions? Can anyone provide my with URLs?
Also, what is wrong/insufficient with authorization directly based on
the principle's identity? (I assume programs supplied with Heimdal fall
under this category?) I have heard people so this before, but am still
confused. How do proper authorization protocols do authorization in a
Thanks in advance.
Brian May <firstname.lastname@example.org>