We are currently authenticating with local users, which is suboptimal for a variety of reasons, though it is simple. I’m deploying centralized authentication using RADIUS with Active Directory, and was curious what other people are doing. I was going to ask on Twitter, but then I thought some people might not want to say in public how they secure their network. I also thought it might be nice if everyone was able to see the results, so here is a poll so we can see how others are doing it.
FIN
I’ve been considering the same thing, leaning toward RADIUS with openldap. I’m interested in seeing how this turns out as well.
Don’t forget there are free/open source options for TACACS+ as well. I’m a big fan of tac_plus: http://www.pro-bono-publico.de/projects/tac_plus.html
A bit late answer:
I’ve opted for Tacacs+ but I was also able to make AD authentication work with it using PAM-modules. Also I have created some (tacacs pre/post authorization) scripts to enhance functionality. So far it has been working quite okay and now I have a better oversight of the people using our equipment.