James Roman wrote:
>
> From what I can see it looks like the missing piece would be the ability
> to look up tac_plus user->group assignments from the FreeIPA/389 LDAP
> server. It looks like tac_plus has ""integrated"" the authentication
> with LDAP via PAM, but not the authorization. When buildi
James Roman wrote:
>
>>>
>>> From both a network and a security point of view, TACACS+ is
>>> considered preferable to RADIUS; among other benefits, it enciphers
>>> the entire conversation, rather than just portions of it, and can
>>> provide more fine-grain authorization than RADIUS. Most Cisco
On 08/25/2010 11:22 AM, James Roman wrote:
The more practical solution which may be available to you would be to
avail yourself of the PAM integration in the tac_plus project (but to
be honest I don't see how that would give you any of the sophisticated
features you cite as being a prime motivato
Attila Bogár wrote:
> Hi,
>
> I would like to deploy an integrated Samba4 / FreeIPA environment.
>
> I would like to enquire, what's the current status of FreeIPA
> 1.9.0.pre4 and Samba4 integration.
>
> I've tried http://freeipa.org/page/Samba_4_Configuration a month ago,
> though the ldap provis
From both a network and a security point of view, TACACS+ is
considered preferable to RADIUS; among other benefits, it enciphers
the entire conversation, rather than just portions of it, and can
provide more fine-grain authorization than RADIUS. Most Cisco shops
I've encountered consider RADIU
On 08/25/2010 08:21 AM, david klein wrote:
On Wed, Aug 25, 2010 at 6:50 AM, John Dennis wrote:
On 08/24/2010 11:22 PM, david klein wrote:
Sorry to those who have already seen this; I posted to the wrong
mailing list (the -interest mailing list instead of the -users list).
As an NMS engineer,
On Wed, Aug 25, 2010 at 6:50 AM, John Dennis wrote:
> On 08/24/2010 11:22 PM, david klein wrote:
>>
>> Sorry to those who have already seen this; I posted to the wrong
>> mailing list (the -interest mailing list instead of the -users list).
>>
>> As an NMS engineer, I have a use for integrated TAC
On 08/24/2010 11:22 PM, david klein wrote:
Sorry to those who have already seen this; I posted to the wrong
mailing list (the -interest mailing list instead of the -users list).
As an NMS engineer, I have a use for integrated TACACS+ with a unified
identity solution, so that the same account nam