From owner-freebsd-questions@FreeBSD.ORG Thu Jan 6 00:53:54 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E86C1065670 for ; Thu, 6 Jan 2011 00:53:54 +0000 (UTC) (envelope-from indexer@internode.on.net) Received: from mail.internode.on.net (bld-mail12.adl6.internode.on.net [150.101.137.97]) by mx1.freebsd.org (Postfix) with ESMTP id 896AA8FC19 for ; Thu, 6 Jan 2011 00:53:52 +0000 (UTC) Received: from staff-250-181.wireless.adelaide.edu.au (unverified [129.127.250.181]) by mail.internode.on.net (SurgeMail 3.8f2) with ESMTP id 51971986-1927428 for multiple; Thu, 06 Jan 2011 11:23:51 +1030 (CDT) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Indexer In-Reply-To: <20110105153217.018bd21a.wmoran@potentialtech.com> Date: Thu, 6 Jan 2011 11:23:46 +1030 Content-Transfer-Encoding: quoted-printable Message-Id: <22B48F74-6976-4DCB-8F3C-CE0D0D425173@internode.on.net> References: <534524.62805.qm@web130203.mail.mud.yahoo.com> <20110105153217.018bd21a.wmoran@potentialtech.com> To: Bill Moran X-Pgp-Agent: GPGMail 1.3.1 X-Mailer: Apple Mail (2.1082) Cc: gahn , freebsd general questions Subject: Re: freebsd and X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jan 2011 00:53:54 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/01/2011, at 07:02, Bill Moran wrote: >=20 > (don't see why this was on -current) >=20 > In response to gahn : >> hi all: >>=20 >> i set up the freeradius 21.100.1 on freebsd 8.1. it uses local = authentication database of /etc/passwd (thanks to the previous = discussions alan did with others). the problem is: it only works with = the condition of the server id running as "root" instead of "freeradius" = due to the one way MD5 hash of /etc/passwd file. >>=20 >> are there any other better ways to implement this? >=20 > a) Put the Radius server in a jail, so it can run as root without all = the > security concerns. > b) Use something other than /etc/passwd authentication >=20 Cant radius use pam? perhaps you should look into that.=20 It may be a pain though, freeradius is largely undocumented, and what = documentation exists is often incomplete, incorrect and full of people = touting "IT JUST WORKS" when 99% of the time, It never works. Once you = figure it out however, its great. I would highly recommend putting your = raddb into a version control system.=20 > --=20 > Bill Moran > http://www.potentialtech.com > http://people.collaborativefusion.com/~wmoran/ > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" William Brown pgp.mit.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNJRKdAAoJEHF16AnLoz6Je6YP/j5sfpXOReiyviyNututzGfA dS+/6MoBfumuzdLAxTZ5gCJ4r7hIWJSbl0vPbt8zDbigcGJKcuT63dfdeAsV/7vu /0KqeC1HbrS5mXB2bVVjUvxgm+LbTlTrS8pIkS3A1jWSvvYgqb5ABXL2gXDARJig pQ5Ehw/mJsgNNmYOrHD1FV5H1/0s0arXSK6rK/sJa7qBIyuLvfuatfK2NOFlPAr5 ST1UqvGrEVP5vA4GGO3+l4m7CBIuzVBuVaLpTpsHUXcdjxoB0bgZrR6se42z7VFo PgClT1bKv/Ht8rD9EO6oRpASAHB89/K1HpNvHbV9KT+veuKcla0xVPilpyt+XMES c4iDxwOBzml+N6QPiGdD9+GhfvZbg2JBgHoGYFXclyDJFceiDVkMgTWN75miB+d4 tMTZbtwkQNoobRmp/BCAlVqRJC3dUQeVqDSAUkuMf6ZU0WQWfh6g8qtGb0IA5mWH u0mRbBacEr4kx3bSeIzCb09DJMkDFmb1/kaQPVqUEYpU+ggW8yLV5sz/vdomdpRB 6hUfcXHnGK/GY4FsMPHaLTWghHdG6cFv8XwM/8ftsrCTtJYl0mD8xzSxqeTBCrua VPHcZ0d4gxe7reylYZfp8NqTAK96JBkRqEoTtYyi6Oiy8kbolY8SHiok98o/uydT nGM30URjS7EC7oSyL4N5 =3DppAO -----END PGP SIGNATURE-----