Date: Wed, 10 Apr 2002 23:20:11 -0400 (EDT) From: Jason Hunt <leth@primus.ca> To: freebsd-isp@FreeBSD.ORG Cc: "Giovanni P. Tirloni" <tirloni@bs2.com.br>, Tyler <tjr@cagelink.com>, Alan Clegg <alan@clegg.com> Subject: Re: [OT] All-in-one server Message-ID: <20020410225902.L9968-100000@lethargic.dyndns.org> In-Reply-To: <20020410075427.E77771-100000@cagelink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Apr 2002, Tyler wrote: > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > ICRADIUS *IS* vulnerable to the said CERT advisory. This was discussed on the ICRADIUS mailing list. The lateast I saw was that a patch is being worked on and it will be in the next release. I don't know when this wiil be, but they havn't had one since June (July?). However, it is always best to do packet filtering on the RADIUS ports so that only your NASes and proxies are allowed to reach your server. A few other opinions about RADIUS servers: XTRADIUS is really nice because you set up system scripts that pass back reutrn codes to decide if a user is valid. Accounting information is also done this way. One other RADIUS server to mention is OpenRADIUS. It seems to be in the early stages of development, but looks very promising. It has a similar concept to XTRADIUS. I recommend checking them out if you are looking for major flexibility. It may or may not have any advantages over XTRADIUS, I am not sure. If you are new to RADIUS and whatnot, and you would like something "SQLable", then I would personally recommend ICRADIUS. The main reason is because it has two attributes, "Monthly-Time-Limit" and "Total-Time-Limit" which most others do not have. (ie: Cistron, Ascend, and any other 'flat-file' RADIUS servers) This is possible because it is all SQL-based. You can also do this with XTRADIUS or OpenRADIUS, but would require a lot of your own handywork. It depends how much time and expertise you have for everything. Just my two cents. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020410225902.L9968-100000>