Re: survey of isp security practices
On Wed, 17 Nov 2004, George Jones wrote:
> On Sun, 14 Nov 2004 18:54:58 -0800, Randy Presuhn
> <randy_presuhn@mindspring.com> wrote:
> > Hi -
> > > From: "Merike Kaeo" <kaeo@merike.com>
> > > To: <opsec@ops.ietf.org>
> > > Sent: Tuesday, November 09, 2004 4:03 AM
> > > Subject: survey of isp security practices
> > ...
> > > 4. Authentication / Authorization
> > In this, or the updated structure, any discussion of authentication
> > and authorization would be incomplete if it didn't address user,
> > access control list, and key management.
>
> The scope here is core network device capabilities.
> I would submit that, given protocols such as RADIUS (Diameter, TACACS)
> that user management is largely an external issue (it happens on the
> RADIUS server, etc). The important bit is that the device needs to
> be able to talk to the [radius] server, be sure which server it's talking
> to, and be able to get authentication and authorization data (per command...your
> "access control lists ?") from the server.
managing local users on devices is non-scalable and a dead art... as
George said.
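
The "be sure which server it's talking to" requirement quoted above, sketched for RADIUS as an added example (not code from the thread or its participants): the device checks the Response Authenticator defined in RFC 2865, an MD5 over the reply, the authenticator of its own request, and the shared secret. The function names, the secret, and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS Code for Access-Accept (RFC 2865)
HEADER_LEN = 20     # Code(1) + Identifier(1) + Length(2) + Authenticator(16)

def build_response(code, identifier, request_auth, attributes, secret):
    """Server side: Response Authenticator =
    MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def verify_response(packet, identifier, request_auth, secret):
    """Device side: accept a reply only if it answers our request and was
    produced by a holder of the shared secret."""
    if len(packet) < HEADER_LEN:
        return False
    _code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet) or pkt_id != identifier:
        return False
    packet = packet[:length]  # octets beyond Length are padding and ignored
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[HEADER_LEN:] + secret
    ).digest()
    # Constant-time comparison of computed and received authenticators
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])

def demo():
    """Constructed exchange: one genuine reply, one forged with another secret."""
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))                # normally 16 random octets
    msg = b"ok"
    reply_message = bytes([18, 2 + len(msg)]) + msg  # attribute 18 = Reply-Message
    good = build_response(ACCESS_ACCEPT, 7, request_auth, reply_message, secret)
    forged = build_response(ACCESS_ACCEPT, 7, request_auth, reply_message, b"guess")
    return (verify_response(good, 7, request_auth, secret),
            verify_response(forged, 7, request_auth, secret))

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the shared secret and MD5; it authenticates the reply to the device, not the content of the Access-Request itself.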