Thanks Graham. I'd investigated the cost of Cisco Secure ACS for NT. This
supports TACACS+ authentication for NT but costs £3395 + VAT. A bit steep
methinks (especially when TACACS+ programs are available for free for
Linux).

I did notice that the Samba book I was reading mentioned LDAP, but I didn't
know there was an Apache LDAP module available.

Thanks again. If I get something working I'll let everyone know, since I
think members of this list would be interested in simpler and more secure
administration of Apache.

John

-----Original Message-----
From: Graham Leggett [mailto:[EMAIL PROTECTED]]
Sent: 26 January 2000 11:15
To: [EMAIL PROTECTED]
Subject: Re: I want to have my cake and eat it!


"Airey, John" wrote:

> 1. I want to be able to have users who access to systems over the internet
> authenticated using TACACS+. I've been down the route of trying to get a
> Cisco router to authenticate, but these only support http, ftp and telnet. I
> want to authenticate them using https for security purposes.

You want a TACACS+ auth module for Apache.

A search at http://module.apache.org for "tacacs" gives this:

http://duke.adesium-services.fr/pub/mod_auth_tacacs/

> 2. I also want to be able to integrate NT and Samba on several Linux servers
> so that users who have access to change files can be administered as part of
> the NT domain. I have a Samba book that explains how to do this, however I
> would like a way of combining this with a TACACS+ server.
> 
> Does anyone know of a way I can integrate either of these? I realise the
> second is off-topic for this mailing list, however I'm looking to use
> Apache-mod_ssl to reduce the number of user databases that I need to support
> and increase security.

A far easier way of doing this would be to standardise on LDAP. Apache
can authenticate against LDAP (using the relevant module), not sure if
the Cisco stuff can, but I would be surprised if it can't. Samba can
support LDAP, or even support PAM with a PAM LDAP module.

There are many ways of doing this, though I would suggest choosing your
base level authentication database carefully so that you don't find
incompatibility problems down the line.

Regards,
Graham
-- 
-----------------------------------------
[EMAIL PROTECTED]                "There's a moon
                                        over Bourbon Street
                                                tonight...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]