Authorization
>>>>> "Frank" == Frank Cusack <fcusack@iconnet.net> writes:
Frank> But as for being able to login, Cisco actually has this
Frank> part right. Kerberos provides authentication, not
Frank> authorization. Once a principal's identity is verified, to
Frank> restrict logins you need to use tacacs+/xtacacs/radius for
Frank> authorization. Unfortunately, the 'secret' for those
Frank> protocols is directly visible in the UI.
I am interested in Authorization... So far I have seen SESAME and DCE
- both are non-free solutions.
What are tacacs+/xtacacs/radius? Are these any good as authorization
protocols? Are they free solutions? Can anyone provide me with URLs?
Also, what is wrong/insufficient with authorization directly based on
the principal's identity? (I assume programs supplied with Heimdal fall
under this category?) I have heard people say this before, but am still
confused. How do proper authorization protocols do authorization in a
better way?
Thanks in advance.
--
Brian May <bmay@csse.monash.edu.au>