CASL
From M@Wiki

Centralized Authentication System for Linux (CASL)

Introduction

CASL is the Centralized Authentication System for Linux. It allows native Linux services, including Samba (Windows Networking) and Netatalk (AppleTalk Networking), to use the same username and password source.

CASL is the answer for centralized authentication on a heterogeneous network. It covers FTP, Telnet, HTTP Webserver, SSL Webserver (Secure Socket Layer), NFS, AppleShare/ASIP, NT Domain, Macintosh system and printing, POP2/3, IMAP, NIS+, LDAP, Usenet, SSH (Secure Shell), VPN (Virtual Private Networking), SLIP/PPP dial-in, and more.

Primary Authentication Centers (PACs)

CASL is designed to use either itself (MAS using the CoP protocol) or some other information source as its Primary Authentication Center (PAC). A PAC is the authoritative source of authentication information. CASL currently supports the following sources as PACs:

  • SMB/CIFS
  • AFP/ASIP
  • LDAP
  • SQL Database (MySQL, PostgreSQL, Oracle tested)
  • NIS+
  • Kerberos IV/V
  • TACACS/XTACACS

Synchronization and Redundancy

CASL systems allow local and wide-area authentication redundancy, so that no single system is solely responsible for authentication. If the MAS (Master Authentication Server) goes down, the BAS (Backup Authentication Server) tables dictate which server, if any, takes over as the MAS. If a BAS goes down, it too may be 'covered' by another BAS, as dictated in the BAS tables.

MAS - Master Authentication Server

The master authentication server is similar to the Windows NT Primary Domain Controller (PDC). It stores a readable and writeable copy of the CASL password database, and keeps track of the BAS tables.

TBAS - Trusted Backup Authentication Server

The trusted backup authentication server, like the MAS, also stores a readable and writeable copy of the CASL password database. TBASs also store a read-only copy of the BAS tables.

UTBAS - UnTrusted Backup Authentication Server

The untrusted backup authentication server is very similar to the NT Backup Domain Controller (BDC). UTBASs store only a read-only copy of both the password database and the BAS tables.
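
The failover rule from the redundancy section, combined with the read/write roles above, as an added Python example that is not CASL code. The BAS table layout, the host names, and the rule that a server with a read-only password database cannot stand in for one with a writable copy are assumptions made for illustration.

```python
# Password-database access per role, as stated on the page.
PASSWD_WRITABLE = {"MAS": True, "TBAS": True, "UTBAS": False}

# Constructed BAS table (layout is an assumption, not CASL's format):
# each host has a role and an ordered list of hosts that may cover for it.
BAS_TABLE = {
    "auth1": {"role": "MAS",   "covered_by": ["auth2", "auth3"]},
    "auth2": {"role": "TBAS",  "covered_by": ["auth3"]},
    "auth3": {"role": "TBAS",  "covered_by": ["auth2"]},
    "edge1": {"role": "UTBAS", "covered_by": ["edge2", "auth2"]},
    "edge2": {"role": "UTBAS", "covered_by": []},
}


def resolve_cover(host, down, table=BAS_TABLE):
    """Return the host serving in place of `host`, or None if nobody can.

    `down` is the set of hosts currently unreachable.
    """
    if host not in down:
        return host
    needs_write = PASSWD_WRITABLE[table[host]["role"]]
    for candidate in table[host]["covered_by"]:
        if candidate in down:
            continue
        # Assumption: a read-only replica is never promoted into a role
        # that must accept password changes, even if the table lists it.
        if needs_write and not PASSWD_WRITABLE[table[candidate]["role"]]:
            continue
        return candidate
    return None


def acting_mas(down, table=BAS_TABLE):
    """Return the host currently acting as MAS, or None if none is left."""
    master = next(h for h, e in table.items() if e["role"] == "MAS")
    return resolve_cover(master, down, table)


if __name__ == "__main__":
    for outage in (set(), {"auth1"}, {"auth1", "auth2"},
                   {"auth1", "auth2", "auth3"}):
        print(sorted(outage), "->", acting_mas(outage))
```
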

RACS - Remote Authentication Copy Server

When CASL is in an enterprise environment, it may be necessary to store or back up the authentication database to a local or off-site host not involved in CASL authentication. RACS was designed for this purpose. It allows virtually any host to store an encrypted version of the CASL password database. The encryption mechanism is configurable, to suit the needs of the implementation.

CUSP - User Synchronization Protocol

CUSP is documented here.

Retrieved from "http://mattwork.potsdam.edu/projects/wiki/index.php/CASL"

This page has been accessed 2,191 times. This page was last modified 20:46, 5 June 2006.