From: William Bulley
Message-Id: <199803061448.JAA22002@ohm.merit.edu>
Subject: Re: Merit Radius and password changing
To: abial@nask.pl (Andrzej Bialecki)
Date: Fri, 6 Mar 1998 09:48:11 -0500 (EST)
Cc: freebsd-isp@FreeBSD.ORG

According to Andrzej Bialecki:
>
> I have several questions concerning Merit Radius v. 3.5.6:

Then send them to aaa-support@merit.edu as is clearly suggested on
our WWW pages at the following URL:   :-)

     http://www.merit.edu/aaa/

> * I want Radius to use its 'users' database only to authenticate users
> (not unix passwords). But I don't want to store plaintext passwords there.
> Is there any option to store encrypted passwords in 'users' file?

The Merit AAA Server has long supported an Ecrypted-Password check-item.

> * I also want to allow users to change their passwords (remember, they are
> not Unix passwords, so this is not going to be passwd(1)). How can I do
> this without manually editing 'users' file and restarting server?

This is the $64,000 question that has plagued the RADIUS protocol and
IETF RADIUS Working Group discussions for years. I would recommend
using Kerberos (which has mechanisms for users to remotely change their
passwords). The Merit AAA Server supports Kerberos BTW.

> * What's more, I want to do this using DBM version of the server (and I
> don't want to run 'builddbm' each time; besides, I think the 'radpass'
> example program will change only the memory cached version of user's
> password, and the version in 'users' file will remain unchanged, and when
> the daemon restarts it will read in the old password, right? But
> (obviously) I want the change to be permanent :-))

The support for DBM/NDBM/etc. and builddbm in the Merit AAA Server is
weak. We cache all of the configuration files and therefore we see
little benefit from the use of builddbm (and don't deal with it) or
any access to the disk to get user profiles (since it is all in memory).

The fact that radpass and builddbm are in there at all is for historical
reasons. We used to track the Livingston (now Lucent) server software
very closely....

Regards,

web...

--
William Bulley                     Senior Systems Research Programmer
Merit Network, Inc.                Email: web@merit.edu
4251 Plymouth Road, Suite C        Phone: (734) 764-9993
Ann Arbor, Michigan 48105-2785     Fax: (734) 647-3185

[ If the voluptuous Star Trek Voyager Borg queen, Seven of Nine, was to have ]
[ a child with the noted Vulcan scientist and mathematician, Mr. Spock, then ]
[ would their offspring perhaps be named 2.71828... of 3.14159... (e of pi)? ]