> i think reality
> booges things up, and it doesn't really work out.

More specifically, an auth server can provide very tight security, but
where such is not needed, it is too tempting to run services on it as
it is the most convenient place to do it from.  Once you have enough
power behind the auth server to run one service, you no longer have
the security benefits.  Discipline is demanded and the price is a bit
steep.

I know because for a long time I ran an auth server on what would be
considered a toy even back then, but once it failed, it was never
re-deployed.

Reading some of the scary stuff the NSA seems to be getting up to,
though, it is nice to know that your border equipment (not your
private auth server) is unlikely ever to be "owned" by NSA spooks.

Lucio.

PS: I do have a dedicated auth server, but electricity supply
constraints cause it to stay off most of the time, leading to bit rot.
The unreliability of the Internet link means it cannot act as auth
server for my public equipment, so that problem needs to be solved
first.  Running it off a photovoltaic/battery source is definitely the
next plan.

