authentication mechanisms (was: Re: [TCWUG] a call to limbs ...)

Wed Jun 19 21:58:56 CDT 2002

when last we saw our hero (Wednesday, Jun 19, 2002), 
 Carl Wilhelm Soderstrom was madly tapping out:
> >  - common authentication infrastructure - karl has offered a server to
> >  handle some of the elements associated with creating a common
> >  authentication infrastructure.  i suggest interested parties start
> >  hammering out designs for this element
> 
> let's start by asking the fundamental question of 'what are we trying to do
> here?'

i think that the basic goal here is to provide an authentication
mechanism that folks within the group can use to determine who they
want to share access with.  

additionally, i think that it makes a lot of sense to provide simple
things like dns for these nodes to unify the infrastructure.

> 
> possible answers that have been discussed:
> - roaming NoCatAuth authentication: if NoCatAuth admins subscribe to a
>   centralized authentication service, users who register with that service
>   can go to NoCatAuth nodes that subscribe to the service, and get
>   connectivity.

this is what i was referring to regarding the authentication side of
things. 

> - simple dynamic DNS, using wget and a CGI
> - 'real' DDNS, with BIND 9

the management of dns is largely tangential to this but key
nonetheless.  looks like another element for attention as well.

> 
> all of the above could be done, no problem.
> 
> the first two, are the sort of thing that killdeer.tcwug.org was intended for.
> 
> the last one, Nate Carlson has generously offered to host on his own DNS
> server. I judge that to be a superior idea to using killdeer.tcwug.org; tho
> killdeer could be used as a secondary DNS server. (considering that they're
> in the same rack, and share the same UPS and hub, the value of that is a bit
> dubious, tho).

i have a couple machine that can be secondary dns servers.  my home
network has a couple of machine which i can segment for this and i
have machines scattered in colocation facilities around the country
which can be used for this purpose as well.  

i don't think that we're at a loss for this type of capacity.  i think
that anything we do should be hosted in several locations.  i'm a big
fan of redundancy in this type of application. 

> 
> are there any other ideas that I have missed?
> 

-- 
steve ulrich                       sulrich at botwerks.org
PGP: 8D0B 0EE9 E700 A6CF ABA7  AE5F 4FD4 07C9 133B FAFC