Re: Management of temporary users

To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Subject: Re: Management of temporary users
From: "Nick Owen" <nowen@wikidsystems.com>
Date: Wed, 7 Feb 2007 08:50:58 -0500
In-reply-to: <45C9AADB.3030806@deployingradius.com>
References: <415a28910702061257y2d28f6ffs3c67bfc36dab10d5@mail.gmail.com> <45C9AADB.3030806@deployingradius.com>
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Sender: owen.nick@gmail.com

On 2/7/07, Alan DeKok <aland@deployingradius.com> wrote:

Nick Owen wrote:
>
> I am looking for the best way to provision groups of users for temporary
> access across multiple servers.  The users would be using ssh and sudo.
> They would be assigned to a group of servers, then removed after the job
> was complete.   There a hundreds of servers involved.

  RADIUS may not be a good way to do this, because the users will still
need UID's, etc., which RADIUS doesn't supply.

I think we can put the UIDs into our auth server, which supports radius. I was hoping that the requests would come from the target server to the freeradius box, which would check to see if that user/group had current rights to that server, then proxy the auth request to our auth server to validate the one-time password.

--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/

References:
- Management of temporary users
  - From: "Nick Owen" <nowen@wikidsystems.com>
- Re: Management of temporary users
  - From: Alan DeKok <aland@deployingradius.com>

Previous by Date: Re: Configuring FreeRADIUS and BAM for Motorola Canopy SM authentication and Bandwidth Maanagement
Next by Date: freeradius on eth1
Previous by Thread: Re: Management of temporary users
Next by Thread: Message in "radius.log"
Freeradius-Users February 2007 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.