Nicolas Williams writes: > > I strongly agree. We've needed a AAA infrastructure in Solaris for a > > _long_ time. All of the projects that have needed it have just > > implemented local hacks. > > Do you have any preference for one or another AAA implementation?
I would prefer that, to the extent possible, we would have a protocol-agnostic AAA framework. You should be able to tie your (insert name here) server into AAA for remote user authentication, authorization, and accounting without having to worry about the backend protocol or changes to it. RADIUS is still what's deployed today, and likely will be for some time to come. You can't get away with ignoring it. At the same time Diameter is what certain markets demand, and what may well end up being common in the future. If directory services (XFN, NIS, NIS+, LDAP) have taught us anything, it's that applications live long, but that administrative practices are fickle. Linking directly to the protocol itself is harmful. -- James Carlson, KISS Network <james.d.carlson at sun.com> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
