From owner-freebsd-net  Thu Feb 25 13:10:58 1999
Delivered-To: freebsd-net@freebsd.org
Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54])
	by hub.freebsd.org (Postfix) with ESMTP id D113214D81
	for <freebsd-net@FreeBSD.ORG>; Thu, 25 Feb 1999 13:10:56 -0800 (PST)
	(envelope-from cshenton@uucom.com)
Received: (from cshenton@localhost)
	by samizdat.uucom.com (8.9.1/8.9.0) id QAA01303;
	Thu, 25 Feb 1999 16:11:01 -0500
To: spork <spork@super-g.com>
Cc: GVB <gvbmail@tns.net>, freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
References: <Pine.BSF.4.00.9902250111080.5077-100000@super-g.inch.com>
From: Chris Shenton <cshenton@uucom.com>
Date: 25 Feb 1999 16:11:01 -0500
In-Reply-To: spork's message of Thu, 25 Feb 1999 01:14:04 -0500 (EST)
Message-ID: <86emnetcii.fsf@samizdat.uucom.com>
Lines: 16
X-Mailer: Gnus v5.5/Emacs 20.2
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

spork <spork@super-g.com> writes:

> Merit Radius does allow for crypted passwords in the 'users' file, so it
> is pretty easy to grab the wanted UIDS (generally based on group), mush
> them through a script and end up with a usable users file.  This way
> you're not needing to make actual accounts on all of your machines other
> than for staffers.  This has been working really well for us so far on our
> backup auth server.

In a previous life, I did just this in order to replicate the RADIUS
info (was using Ascend's commercial RADIUS, which had undocumented
support for crypt()'ed passwords). 

But I used "rsync" over ssh to do the copying. Ran it out of cron
every 5 minutes or so since rsync won't copy unless something
changes. Worked well and I was happy with the security via ssh.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message