Hello, I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol.

Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).

I was also looking at Kerberos as an option though there is alot overhead with the server.

SSL/TLS or EAP?

Does anyone have any suggestions?

I am looking for simple but secure and am new at the security protocols.

-regards

What kind of authentication do you actually want to do? Windows servers authenticating with RADIUS requests?? How? RADIUS is, as designed, great for network authentication, but not something for a windows client. Generally anything on the windows side you'd be looking at AD domain membership, wither to a proper DC or a Samba implementation on Linux.

Also be clear on the difference between Authentication and Authorization, Kerberos has *nothing* to do with Authz or User Information (which you haven't mentioned at all, and is only partially going to overlap with Authz), only user auth, and would be partnered with a separate directory (LDAP / NIS+ etc.) for authz and info mechanisms.

Thanks for the feedback.

Actually, my requirements that have been given to me are very vague.
Basically I have a windows client that needs to connect to a linux server.

I need to enforce both authentication and authorization.
First I need to authenticate that the windows client has the priviledge to connect and that the user ( with which the client is connect as) needs to be authorized to access different resources.


Like i said originally, as I am new at this I am looking for different suggestions, what has seen success and maybe what to stay away from.